Please note: This website includes an accessibility system. Press Control-F11 to adjust the website to the visually impaired who are using a screen reader; Press Control-F10 to open an accessibility menu.

NetApp Clustered Data ONTAP X-Frame-Options Header Vulnerability

NetApp Clustered Data ONTAP X-Frame-Options Header Vulnerability

NetApp Clustered Data ONTAP X-Frame-Options Header Vulnerability

Lenovo Security Advisory: LEN-73443

Potential Impact: Clickjacking

Severity: Medium

Scope of Impact: Industry-wide

CVE Identifier: CVE-2021-27003

 

Summary Description:

NetApp reported that NetApp Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack.

 

Mitigation Strategy for Customers (what you should do to protect yourself):

NetApp recommends updating to the appropriate NetApp Clustered Data ONTAP version for your product as indicated in the Product Impact section below.

Lenovo recommends upgrading NetApp Clustered Data ONTAP version 9.5 to a later version or restrict access to the NetApp Clustered Data ONTAP web interface using a firewall.

 

Product Impact:

To download the version specified for your product below, follow these steps:

Navigate to the Drivers & Software support site for your product:

  1. Search for your product by name or machine type.
  2. Click Drivers & Software on the left menu panel.
  3. Click on Manual Update to browse by Component type.
  4. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.

Lenovo also offers tools to assist with update management as an alternative to the manual steps described above. Refer to the following for additional help:

PC Products and Software: https://support.lenovo.com/us/en/solutions/ht504759

Server and Enterprise Software: https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd and https://datacentersupport.lenovo.com/us/en/documents/lnvo-center

 

Click below links to view affected products:

Storage

 

References:

https://security.netapp.com/advisory/ntap-20211012-0001/

 

Revision History:

Revision Date Description
2 2021-10-22 Updated Mitigation Strategy and Product Impact
1 2021-10-12 Initial release

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

 

Product Impact:

Storage

Product Component Minimum Fixed Version
DM120S (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Encrypted) 9.8P7
DM120S (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Non-encrypted) 9.8P7
DM240N (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Encrypted) 9.8P7
DM240N (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Non-encrypted) 9.8P7
DM240S (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Encrypted) 9.8P7
DM240S (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Non-encrypted) 9.8P7
DM3000H (ThinkSystem) DM Series ONTAP Update Bundle (9.5P15 Encrypted) 9.7P15
DM3000H (ThinkSystem) DM Series ONTAP Update Bundle (9.5P15 Non-encrypted) 9.7P15
DM3000H (ThinkSystem) DM Series ONTAP Update Bundle (9.6P12 Encrypted) 9.6P15
DM3000H (ThinkSystem) DM Series ONTAP Update Bundle (9.6P12 Non-encrypted) 9.6P15
DM3000H (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Encrypted) 9.8P7
DM3000H (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Non-encrypted) 9.8P7
DM3000H (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) 9.7P15
DM3000H (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) 9.7P15
DM3000H (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) 9.9.1P2
DM3000H (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) 9.9.1P2
DM5000F (ThinkSystem) DM Series ONTAP Update Bundle (9.5P15 Encrypted) 9.7P15
DM5000F (ThinkSystem) DM Series ONTAP Update Bundle (9.5P15 Non-encrypted) 9.7P15
DM5000F (ThinkSystem) DM Series ONTAP Update Bundle (9.6P12 Encrypted) 9.6P15
DM5000F (ThinkSystem) DM Series ONTAP Update Bundle (9.6P12 Non-encrypted) 9.6P15
DM5000F (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Encrypted) 9.8P7
DM5000F (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Non-encrypted) 9.8P7
DM5000F (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) 9.7P15
DM5000F (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) 9.7P15
DM5000F (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) 9.9.1P2
DM5000F (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) 9.9.1P2
DM5000H (ThinkSystem) DM Series ONTAP Update Bundle (9.5P15 Encrypted) 9.7P15
DM5000H (ThinkSystem) DM Series ONTAP Update Bundle (9.5P15 Non-encrypted) 9.7P15
DM5000H (ThinkSystem) DM Series ONTAP Update Bundle (9.6P12 Encrypted) 9.6P15
DM5000H (ThinkSystem) DM Series ONTAP Update Bundle (9.6P12 Non-encrypted) 9.6P15
DM5000H (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Encrypted) 9.8P7
DM5000H (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Non-encrypted) 9.8P7
DM5000H (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) 9.7P15
DM5000H (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) 9.7P15
DM5000H (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) 9.9.1P2
DM5000H (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) 9.9.1P2
DM5100F (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Encrypted) 9.8P7
DM5100F (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Non-encrypted) 9.8P7
DM5100F (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) 9.9.1P2
DM5100F (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) 9.9.1P2
DM600S (ThinkSystem) DM Series ONTAP Update Bundle (9.5P15 Encrypted) 9.7P15
DM600S (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Encrypted) 9.8P7
DM600S (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Non-encrypted) 9.8P7
DM7000F (ThinkSystem) DM Series ONTAP Update Bundle (9.5P15 Encrypted) 9.7P15
DM7000F (ThinkSystem) DM Series ONTAP Update Bundle (9.5P15 Non-encrypted) 9.7P15
DM7000F (ThinkSystem) DM Series ONTAP Update Bundle (9.6P12 Encrypted) 9.6P15
DM7000F (ThinkSystem) DM Series ONTAP Update Bundle (9.6P12 Non-encrypted) 9.6P15
DM7000F (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Encrypted) 9.8P7
DM7000F (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Non-encrypted) 9.8P7
DM7000F (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) 9.7P15
DM7000F (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) 9.7P15
DM7000F (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) 9.9.1P2
DM7000F (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) 9.9.1P2
DM7000H (ThinkSystem) DM Series ONTAP Update Bundle (9.5P15 Encrypted) 9.7P15
DM7000H (ThinkSystem) DM Series ONTAP Update Bundle (9.5P15 Non-encrypted) 9.7P15
DM7000H (ThinkSystem) DM Series ONTAP Update Bundle (9.6P12 Encrypted) 9.6P15
DM7000H (ThinkSystem) DM Series ONTAP Update Bundle (9.6P12 Non-encrypted) 9.6P15
DM7000H (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Encrypted) 9.8P7
DM7000H (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Non-encrypted) 9.8P7
DM7000H (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) 9.7P15
DM7000H (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) 9.7P15
DM7000H (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) 9.9.1P2
DM7000H (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) 9.9.1P2
DM7100F (ThinkSystem) DM Series ONTAP Update Bundle (9.5P15 Encrypted) 9.7P15
DM7100F (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Encrypted) 9.8P7
DM7100F (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Non-encrypted) 9.8P7
DM7100F (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) 9.7P15
DM7100F (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) 9.7P15
DM7100F (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) 9.9.1P2
DM7100F (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) 9.9.1P2
DM7100H (ThinkSystem) DM Series ONTAP Update Bundle (9.5P15 Encrypted) 9.7P15
DM7100H (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Encrypted) 9.8P7
DM7100H (ThinkSystem) DM Series ONTAP Update Bundle (9.8 Non-encrypted) 9.8P7
DM7100H (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.7P9) (Encrypted) 9.7P15
DM7100H (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.7P9) (Non-encrypted) 9.7P15
DM7100H (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Encrypted) 9.9.1P2
DM7100H (ThinkSystem) Lenovo DM Series ONTAP Update Bundle (9.9.1P2) (Non-encrypted) 9.9.1P2

Alias Id:LEN-73443
Document ID:PS500442
Original Publish Date:10/12/2021
Last Modified Date:10/22/2021