CVE-2015-3292

The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/74891
https://kb.netapp.com/support/index?page=content&id=9010037	Vendor Advisory
http://www.securityfocus.com/bid/74891
https://kb.netapp.com/support/index?page=content&id=9010037	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:netapp:oncommand_workflow_automation::::::::
	cpe:2.3:a:netapp:oncommand_workflow_automation:3.0:::::::*

History

21 Nov 2024, 02:29

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/74891 -~~	() http://www.securityfocus.com/bid/74891 -
References	~~() https://kb.netapp.com/support/index?page=content&id=9010037 - Vendor Advisory~~	() https://kb.netapp.com/support/index?page=content&id=9010037 - Vendor Advisory

Information

Published : 2015-05-31 17:59

Updated : 2024-11-21 02:29

NVD link : CVE-2015-3292

Mitre link : CVE-2015-3292

CVE.ORG link : CVE-2015-3292

JSON object : View

Products Affected

netapp

oncommand_workflow_automation

CWE

CWE-17

DEPRECATED: Code

{"id": "CVE-2015-3292", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-05-31T17:59:04.013", "references": [{"url": "http://www.securityfocus.com/bid/74891", "source": "cve@mitre.org"}, {"url": "https://kb.netapp.com/support/index?page=content&id=9010037", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/74891", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://kb.netapp.com/support/index?page=content&id=9010037", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-17"}]}], "descriptions": [{"lang": "en", "value": "The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "El instalador en NetApp OnCommand Workflow Automation anterior a 2.2.1P1 y 3.x anterior a 3.0P1 monta el sevicio Java Debugging Wire Protocol (JDWP), lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-11-21T02:29:05.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFEA9235-38D3-4024-B4F7-B523E3FB447D", "versionEndIncluding": "2.2.1"}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85FC28DA-7CB7-4184-90A5-E9E77E0E7D35"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}