Lucene search

[email protected]CVE-2015-3292

HistoryMay 31, 2015 - 5:59 p.m.

CVE-2015-3292

2015-05-3117:59:04

CWE-17

[email protected]

web.nvd.nist.gov

netapp

oncommand

workflow automation

installer

jdwp

cve-2015-3292

nvd

security vulnerability

remote code execution

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.3 Low

EPSS

Percentile

97.0%

JSON

The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.

Affected configurations

NVD

Node

netapponcommand_workflow_automationRange≤2.2.1

netapponcommand_workflow_automationMatch3.0

CPENameOperatorVersion
netapp:oncommand_workflow_automationnetapp oncommand workflow automationle2.2.1
netapp:oncommand_workflow_automationnetapp oncommand workflow automationeq3.0

CPE	Name	Operator	Version
netapp:oncommand_workflow_automation	netapp oncommand workflow automation	le	2.2.1
netapp:oncommand_workflow_automation	netapp oncommand workflow automation	eq	3.0

References

www.securityfocus.com/bid/74891

kb.netapp.com/support/index?page=content&id=9010037

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8 High

AI Score

Confidence

Low

0.3 Low

EPSS

Percentile

97.0%

JSON

Related for CVE-2015-3292

nvd1 prion1 cvelist1