CVE-2017-15516

high

Published 2017-11-16 · Modified 2026-05-13

CVSS v3

8.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2

6.8

VIR risk

8.8

Description

NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability which could be used to cause an unintended authenticated action in the user interface.

Predictions

Exploit likelihood

92%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: security-alert@netapp.com — https://security.netapp.com/advisory/ntap-20171114-0001/

Application impact

Vendor	Product	Versions	Fixed
netapp	snapcenter_server	`1.1`
netapp	snapcenter_server	`2.0`

References

https://security.netapp.com/advisory/ntap-20171114-0001/
https://security.netapp.com/advisory/ntap-20171114-0001/

CWEs

CWE-352

Verify integrity in audit chain (admin only). AS-IS.