{"status":"success","advisory":{"_id":"683547265b16347a91c39df8","kb_acknowledgements":null,"kb_affected_list":["ONTAP 9 (formerly Clustered Data ONTAP)","ONTAP Select Deploy administration utility"],"kb_bad_data":false,"kb_cve":["CVE-2019-13117","CVE-2019-13118"],"kb_exploitation":"Public","kb_fixes":[{"product":"ONTAP 9 (formerly Clustered Data ONTAP)","fixes":[{"link":"https://mysupport.netapp.com/products/ontap9/9.1P20/","cves":[]},{"link":"https://mysupport.netapp.com/products/ontap9/9.3P16/","cves":[]},{"link":"https://mysupport.netapp.com/products/ontap9/9.5P11/","cves":[]},{"link":"https://mysupport.netapp.com/products/ontap9/9.6P3/","cves":[]},{"link":"https://mysupport.netapp.com/products/ontap9/9.7/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"ONTAP Select Deploy administration utility","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/ontapselect-deploy/downloads-tab/download/62910/9.8","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Successful exploitation of these vulnerabilities could lead to disclosure of sensitive information.","kb_internal_notes":[{"burt":"1252035","jira":"","product":"ONTAP 9 (formerly Clustered Data ONTAP)"},{"burt":"1252037","jira":"","product":"ONTAP Select Deploy administration utility"},{"burt":"1252038","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":[],"kb_rev_history":[{"comment":"Initial Public Release","date":"20190806","version":"1.0"},{"comment":"Clustered Data ONTAP added to Software Versions and Fixes","date":"20191009","version":"2.0"},{"comment":"ONTAP Select Deploy administration utility added to Software Versions and Fixes, Final status","date":"20240425","version":"3.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2019-13117":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","CVE-2019-13118":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},"kb_scoring_calc":[{"cve_id":"CVE-2019-13117","range":"HIGH","score":7.5,"vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"cve_id":"CVE-2019-13118","range":"HIGH","score":7.5,"vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate libxslt. Versions of libxslt through 1.1.33 are susceptible to vulnerabilities which when successfully exploited could lead to disclosure of sensitive information.","kb_title":"July 2019 Libxslt Vulnerabilities in NetApp Products","kb_unaffected_list":["AFF Baseboard Management Controller (BMC) - A700s","Active IQ Unified Manager for Linux","Active IQ Unified Manager for Microsoft Windows","Active IQ Unified Manager for VMware vSphere","Active IQ mobile app","Astra Trident","Brocade Fabric Operating System Firmware","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Unified Manager and Web Services Proxy","Element HealthTools","Element Plug-in for vCenter Server","FAS/AFF BIOS - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","IOM6 SAS Disk Shelf Firmware","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp BlueXP","NetApp Converged Systems Advisor Agent","NetApp HCI Compute Node (Bootstrap OS)","NetApp HCI Compute Node BIOS","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp ONTAP PowerShell Toolkit (PSTK)","NetApp SolidFire & HCI Management Node","NetApp SolidFire & HCI Storage Node (Element Software)","NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO)","ONTAP Antivirus Connector","OnCommand Insight","OnCommand Workflow Automation","Single Mailbox Recovery","Snap Creator Framework","SnapCenter","SnapCenter Plug-in for VMware vSphere/BlueXP backup and Recovery for Virtual Machine","SnapManager for Hyper-V","SolidFire Storage Replication Adapter","StorageGRID (formerly StorageGRID Webscale)","StorageGRID Baseboard Management Controller (BMC)","System Manager 9.x"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20190806-0004","adv_id":"ntap-20190806-0004","published_date":"2019-08-06T00:00:00","updated_date":"2024-04-25T00:00:00","inserted_date":"2025-05-27T05:01:26.678000","modified_date":null}}