Changeflow GovPing Data Privacy & Cybersecurity NetApp Products Vulnerabilities Affecting Data ...
Priority review Notice Added Final

NetApp Products Vulnerabilities Affecting Data Integrity and Confidentiality

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published March 27th, 2026
Detected March 27th, 2026
Email

Summary

CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in NetApp products, including Active IQ Unified Manager and ONTAP. These vulnerabilities could lead to data integrity and confidentiality breaches, as well as remote denial-of-service attacks. Affected users are advised to consult NetApp security bulletins for patch information.

View original document View source feed page

What changed

CERT-FR has released an advisory (CERTFR-2026-AVI-0363) detailing multiple critical vulnerabilities found in NetApp products, specifically affecting Active IQ Unified Manager for Windows (versions prior to 9.18) and NetApp ONTAP 9 (versions 9.17.x prior to 9.17.1 and versions prior to 9.16.1P12). The identified vulnerabilities, referenced by CVEs such as CVE-2024-9287, CVE-2025-1219, and CVE-2025-1736, pose significant risks including remote denial-of-service, data integrity compromise, and data confidentiality breaches.

Organizations utilizing the affected NetApp products must immediately consult the provided NetApp security bulletins (NTAP-20250425-0006, NTAP-20250523-0006, NTAP-20250523-0007) to obtain and apply the necessary patches. Failure to address these vulnerabilities could result in severe data loss, unauthorized access to sensitive information, and disruption of critical services, leading to significant operational and reputational damage.

What to do next

  1. Consult NetApp security bulletins for affected product versions.
  2. Apply available patches and updates to mitigate identified vulnerabilities.

Source document (simplified)

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 27 mars 2026 N° CERTFR-2026-AVI-0363 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Multiples vulnérabilités dans les produits NetApp

Gestion du document

| Référence | CERTFR-2026-AVI-0363 |
| Titre | Multiples vulnérabilités dans les produits NetApp |
| Date de la première version | 27 mars 2026 |
| Date de la dernière version | 27 mars 2026 |
| Source(s) | Bulletin de sécurité NetApp NTAP-20250425-0006 du 26 mars 2026
Bulletin de sécurité NetApp NTAP-20250523-0006 du 26 mars 2026
Bulletin de sécurité NetApp NTAP-20250523-0007 du 26 mars 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risques

  • Atteinte à l'intégrité des données
  • Atteinte à la confidentialité des données
  • Déni de service à distance

Systèmes affectés

  • Active IQ Unified Manager pour Microsoft Windows versions antérieures à 9.18
  • NetApp ONTAP 9 versions 9.17.x antérieures à 9.17.1
  • NetApp ONTAP 9 versions antérieures à 9.16.1P12

Résumé

De multiples vulnérabilités ont été découvertes dans les produits NetApp. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 27 mars 2026 Version initiale

Related changes

Favicon for www.cert.ssi.gouv.fr Spring AI Vulnerabilities Allow Code Execution, SSRF, Policy Bypass
Priority review Mar 27, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Traefik Vulnerabilities Allow Security Policy Bypass
Priority review Mar 27, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Siemens Product Vulnerabilities Allow Remote Denial of Service
Priority review Mar 27, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.nist.gov Draft NIST Cyber AI Profile for Cybersecurity Guidelines
Priority review Mar 28, 2026 NIST News Data Privacy & Cybersecurity
Favicon for usdaoig.oversight.gov USDA IT Security Directives Lack Relevance and Effectiveness
Priority review Mar 28, 2026 USDA OIG Reports Agriculture & Food Safety
Favicon for usdaoig.oversight.gov USDA Web Application Security Vulnerabilities Inspection Report
Priority review Mar 28, 2026 USDA OIG Reports Agriculture & Food Safety

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-FR
Published
March 27th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
CERTFR-2026-AVI-0363

Who this affects

Applies to
Manufacturers
Industry sector
3341 Computer & Electronics Manufacturing
Activity scope
Data Integrity Data Confidentiality Denial of Service
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Integrity Data Confidentiality Denial of Service

Browse Categories

Agriculture & Food Safety 63 AI Regulation 3 Banking & Finance 264 Consumer Protection 44 Courts & Legal 356 Data Privacy & Cybersecurity 69 Defense & National Security 52 Education 20 Energy 106 Environment 85 Government & Legislation 274 Healthcare 136 Housing 16 Immigration 9 Insurance 56 Labor & Employment 114 Legal & Courts 1 Pharma & Drug Safety 101 Securities & Markets 86 Tax 65 Tax & Revenue 1 Telecom & Technology 47 Trade & Sanctions 124 Transportation 57

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Optional. Personalizes your daily digest.

Free. Unsubscribe anytime.