PT-2017-17677 · Netapp+1 · Oncommand Performance Manager+2

Publicado

2017-04-10

Atualizado

2017-04-17

CVE-2017-7345

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP versions prior to 7.1P1

Description The issue allows remote attackers to obtain sensitive information via unspecified vectors due to the improper binding of the Java Management Extension Remote Method Invocation (JMX RMI) service to the network.

Recommendations For versions prior to 7.1P1, update to version 7.1P1 or later to resolve the issue.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2017-7345

Produtos afetados

Java Management Extension Remote Method Invocation

Oncommand Performance Manager

Netapp Oncommand Unified Manager For Clustered Data Ontap

PT-2017-17677 · Netapp+1 · Oncommand Performance Manager+2

CVE-2017-7345

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4