NetApp Security Advisory: October 2021 Redis Vulnerabilities in Products
Software fixes will be made available through the support website in the software download section.
This is a Press Release edited by StorageNewsletter.com on November 8, 2021 at 2:01 pm
NetApp, Inc. has published a security advisory concerning Redis vulnerabilities in NetApp products.
This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp.
Advisory ID: NTAP-20211104-0003
Version: 1.0
Last updated: 11/04/2021
Status: Final
CVEs: CVE-2021-32628, CVE-2021-41099, CVE-2021-32672, CVE-2021-32762, CVE-2021-32626, CVE-2021-32627, CVE-2021-32765, CVE-2021-32687, CVE-2021-32675
Overview
Summary
Multiple NetApp products incorporate Redis. Redis versions prior to 5.0.14, prior to 6.0.16 and prior to 6.2.6 are susceptible to vulnerabilities which, when successfully exploited, could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).
Impact
Successful exploitation of these vulnerabilities could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).
Vulnerability scoring details
| CVE | Score | Vector |
|---|---|---|
| | 8.8 (high) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| | 7.5 (high) | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| | 8.8 (high) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| | 4.3 (medium) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| | 7.5 (high) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| | 7.5 (high) | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| | 8.8 (high) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| | 8.8 (high) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| | 7.5 (high) | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Exploitation and public announcements
NetApp is aware of public discussion of this vulnerability.
Affected Products
- Management Services for Element Software and NetApp HCI
Remediation
Software versions and fixes
NetApp’s currently available patches are listed below.
| Product | First fixed in release |
|---|---|
| Management Services for Element Software and NetApp HCI | |
Workarounds: None at this time.
Obtaining software fixes
Software fixes will be made available through the NetApp Support website in the Software Download section.
Customers who do not have access to the Support website should contact Technical Support at the number below to obtain the patches.
Contact Information: Check http://mysupport.netapp.com for further updates.
Status of this notice: Final
This advisory is posted at the following link:
https://security.netapp.com/advisory/NTAP-20211104-0003
Revision History
| Revision # | Date | Comments |
|---|---|---|
| 1.0 | 20211104 | Initial public release, final status |











