ONTAP Mediator versions before 1.7 are susceptible to a vulnerability that can allow an unauthenticated malicious user to enumerate URLs via REST API.
netapp ontap mediator