Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. This could allow an unauthenticated attacker to obtain authentication credentials.
[
{
"product": "VASA Provider for Clustered Data ONTAP",
"vendor": "NetApp",
"versions": [
{
"status": "affected",
"version": "Versions prior to 7.0P1"
}
]
}
]