CVE-2017-12422

medium

Published 2017-08-29 · Modified 2026-05-13

CVSS v3

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2

4.0

VIR risk

6.5

Description

NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors.

Predictions

Exploit likelihood

75%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://kb.netapp.com/support/s/article/NTAP-20170825-0001

Application impact

Vendor	Product	Versions
netapp	storagegrid_webscale	`10.2`
netapp	storagegrid_webscale	`10.2.1`
netapp	storagegrid_webscale	`10.2.2`
netapp	storagegrid_webscale	`10.2.2.2`
netapp	storagegrid_webscale	`10.3.0`
netapp	storagegrid_webscale	`10.3.0.3`
netapp	storagegrid_webscale	`10.4.0`
netapp	storagegrid_webscale	`10.4.0.1`

References

http://www.securityfocus.com/bid/100535
https://kb.netapp.com/support/s/article/NTAP-20170825-0001
http://www.securityfocus.com/bid/100535
https://kb.netapp.com/support/s/article/NTAP-20170825-0001

CWEs

CWE-269

Verify integrity in audit chain (admin only). AS-IS.