PatchSiren cyber security CVE debrief
CVE-2016-5372 NetApp CVE debrief
CVE-2016-5372 describes a cross-site request forgery (CSRF) issue in NetApp Snap Creator Framework. The flaw can allow a remote attacker to hijack a user's authenticated session for unintended requests. NVD rates the issue as medium severity (CVSS 6.3), and the vulnerability affects Snap Creator Framework versions before 4.3.0P1.
- Vendor: NetApp
- Product: CVE-2016-5372
- CVSS: MEDIUM 6.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-07
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-07
- Advisory updated: 2026-05-13
Who should care
Administrators and security teams responsible for NetApp Snap Creator Framework deployments should care most, especially where users access the interface from a browser and authenticated actions are available. Environments that expose the framework to untrusted browsing contexts or rely on privileged administrative accounts should treat this as a meaningful risk.
Technical summary
The vulnerability is classified as CWE-352 (CSRF). The NVD vector indicates network attackability, low attack complexity, no privileges required, and required user interaction. In practical terms, a victim who is already authenticated can be induced to submit requests that the application may accept as legitimate, potentially affecting confidentiality, integrity, and availability at a low level.
Defensive priority
Medium priority. Remediate promptly in environments where Snap Creator Framework is actively used or reachable by users who may browse untrusted content. The CVE is not listed as a Known Exploited Vulnerability in the supplied corpus.
Recommended defensive actions
- Upgrade NetApp Snap Creator Framework to 4.3.0P1 or later, per the vendor and NVD version boundary.
- Review administrative and authenticated actions in the Snap Creator Framework web interface for CSRF protections such as anti-CSRF tokens and origin/referer validation.
- Limit access to administrative interfaces to trusted networks and reduce exposure of authenticated browser sessions where possible.
- Monitor vendor advisories and confirm that any deployed Snap Creator Framework instances are running a non-vulnerable release.
- If immediate upgrading is not possible, apply compensating controls such as stricter network segmentation and reduced administrative access until remediation is complete.
Evidence notes
The supplied source corpus identifies CVE-2016-5372 as a CSRF vulnerability in NetApp Snap Creator Framework, with the affected range described as before 4.3.0P1 in the CVE description. The NVD record also maps the issue to CWE-352 and lists a vulnerable CPE range ending at 4.3.0, so the exact version boundary is described slightly differently across source fields. The CVE was published on 2017-02-07.
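The two version boundaries described above can be checked against an inventory; the following is an added example, not code from NetApp, NVD or this page's author. It assumes version strings of the form MAJOR.MINOR[.MICRO][P<patch>] (only "4.3.0P1" and "4.3.0" appear on this page), and the host names and sample versions are constructed.

```python
import re

# Boundaries as stated on this page.
FIXED_RELEASE = (4, 3, 0, 1)   # 4.3.0P1, first fixed release per the CVE description
CPE_RANGE_END = (4, 3, 0, 0)   # 4.3.0, last vulnerable release per the NVD CPE range

# Assumed version layout: MAJOR.MINOR[.MICRO][P<patch>], e.g. "4.3.0P1".
_VERSION = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:P(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, micro, patch); missing parts count as 0."""
    match = _VERSION.match(text)
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def vulnerable_by_description(text):
    return parse_version(text) < FIXED_RELEASE


def vulnerable_by_cpe_range(text):
    return parse_version(text) <= CPE_RANGE_END


def triage(inventory):
    """Map each host to 'vulnerable', 'fixed' or 'unknown' (needs a manual check)."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = "vulnerable" if vulnerable_by_description(version) else "fixed"
        except ValueError:
            report[host] = "unknown"  # never report an unparsed version as fixed
    return report


# Constructed inventory: host names and version strings are sample values.
SAMPLE_INVENTORY = {
    "scf-a.example.internal": "4.1.1",
    "scf-b.example.internal": "4.3.0",
    "scf-c.example.internal": "4.3.0P1",
    "scf-d.example.internal": "4.3.1",
    "scf-e.example.internal": "build-unknown",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Under this ordering, "before 4.3.0P1" and "up to and including 4.3.0" select the same releases, so the differing wording in the two source fields does not change which hosts need the upgrade.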
Official resources
- CVE-2016-5372 CVE record (CVE.org)
- CVE-2016-5372 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Vendor Advisory)
- Source reference
Publicly disclosed in the CVE record on 2017-02-07. Vendor references are included in the official NetApp advisory and knowledge base links supplied with the record.