| Vulnerability Name: | CVE-2015-3292 (CCN-105028) | ||||||||
| Assigned: | 2015-05-28 | ||||||||
| Published: | 2015-05-28 | ||||||||
| Updated: | 2016-12-03 | ||||||||
| Summary: | The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-17 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-3292 Source: BID Type: UNKNOWN 74891 Source: XF Type: UNKNOWN netapp-cve20153292-code-exec(105028) Source: CCN Type: NTAP-20150528-0001 CVE-2015-3292 OnCommand Workflow Automation Remote Code Execution Vulnerability Source: CONFIRM Type: Vendor Advisory https://kb.netapp.com/support/index?page=content&id=9010037 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||