Vulnerabilites related to NetApp - OnCommand Unified Manager for Linux
cve-2018-5487
Vulnerability from cvelistv5
Published
2018-05-24 14:00
Modified
2024-09-16 22:30
Severity ?
EPSS score ?
Summary
NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20180523-0001/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NetApp | OnCommand Unified Manager for Linux |
Version: Versions 7.2 through 7.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:49.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180523-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OnCommand Unified Manager for Linux",
"vendor": "NetApp",
"versions": [
{
"status": "affected",
"version": "Versions 7.2 through 7.3"
}
]
}
],
"datePublic": "2018-05-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-24T13:57:01",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180523-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@netapp.com",
"DATE_PUBLIC": "2018-05-23T00:00:00",
"ID": "CVE-2018-5487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OnCommand Unified Manager for Linux",
"version": {
"version_data": [
{
"version_value": "Versions 7.2 through 7.3"
}
]
}
}
]
},
"vendor_name": "NetApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20180523-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180523-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2018-5487",
"datePublished": "2018-05-24T14:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-16T22:30:40.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-5486
Vulnerability from cvelistv5
Published
2018-04-25 21:00
Modified
2024-09-16 22:35
Severity ?
EPSS score ?
Summary
NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20180425-0001/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | NetApp | OnCommand Unified Manager for Linux |
Version: 7.2 though 7.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:49.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180425-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OnCommand Unified Manager for Linux",
"vendor": "NetApp",
"versions": [
{
"status": "affected",
"version": "7.2 though 7.3"
}
]
}
],
"datePublic": "2018-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE 250",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-25T20:57:01",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180425-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@netapp.com",
"DATE_PUBLIC": "2018-04-25T00:00:00",
"ID": "CVE-2018-5486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OnCommand Unified Manager for Linux",
"version": {
"version_data": [
{
"version_value": "7.2 though 7.3"
}
]
}
}
]
},
"vendor_name": "NetApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled which allows unauthorized local attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE 250"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20180425-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180425-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2018-5486",
"datePublished": "2018-04-25T21:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-16T22:35:03.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}