CVE-2015-3292

Name of the Vulnerable Software and Affected Versions NetApp OnCommand Workflow Automation versions prior to 2.2.1P1 NetApp OnCommand Workflow Automation versions 3.x prior to 3.0P1

Description The issue concerns the installer in NetApp OnCommand Workflow Automation, which sets up the Java Debugging Wire Protocol (JDWP) service. This setup allows remote attackers to execute arbitrary code via unspecified vectors. The JDWP service is used for debugging Java applications, but in this context, it introduces a security risk.

Recommendations For versions prior to 2.2.1P1, update to version 2.2.1P1 or later. For versions 3.x prior to 3.0P1, update to version 3.0P1 or later. As a temporary workaround, consider disabling the JDWP service until a patch is available.