Lucene search
HistoryMay 31, 2015 - 5:59 p.m.
CVE-2015-3292
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.8
Confidence
Low
EPSS
0.3
Percentile
97.0%
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.
Affected configurations
Node
netapponcommand_workflow_automationRange≤2.2.1
ORnetapponcommand_workflow_automationMatch3.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| netapp | oncommand_workflow_automation | * | cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:* |
| netapp | oncommand_workflow_automation | 3.0 | cpe:2.3:a:netapp:oncommand_workflow_automation:3.0:*:*:*:*:*:*:* |
Related
exploitdb
exploitdb
Java - Debug Wire Protocol Remote Code Execution (Metasploit)
2014-06-17 00:00:00
cve
cve
CVE-2015-3292
2015-05-31 17:59:04
cvelist
cvelist
CVE-2015-3292
2015-05-31 17:00:00
prion
prion
Code injection
2015-05-31 17:59:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
7.8
Confidence
Low
EPSS
0.3
Percentile
97.0%
Related for NVD:CVE-2015-3292