exploitDog

CVE-2017-7345

Опубликовано: 10 апр. 2017

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors.

Ссылки

http://www.securityfocus.com/bid/97537
Third Party Advisory
VDB Entry
https://kb.netapp.com/support/s/article/NTAP-20170331-0002
Vendor Advisory
http://www.securityfocus.com/bid/97537
Third Party Advisory
VDB Entry
https://kb.netapp.com/support/s/article/NTAP-20170331-0002
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*

Версия до 7.1 (включая)

EPSS

Процентиль: 42%

0.00203

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-f99g-hcx6-f4ph

CVSS3: 5.3

github

больше 3 лет назад

NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors.

EPSS

Процентиль: 42%

0.00203

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200