PT-2015-1298 · Netapp · Netapp Oncommand Workflow Automation

Published 2015-05-31 · Updated 2016-12-03 · CVE-2015-3292

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

NetApp OnCommand Workflow Automation versions prior to 2.2.1P1
NetApp OnCommand Workflow Automation versions 3.x prior to 3.0P1

Description

The installer in NetApp OnCommand Workflow Automation sets up the Java Debug Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors. JDWP is intended for debugging Java applications, but in this context it introduces a security risk.

Recommendations

For versions prior to 2.2.1P1, update to version 2.2.1P1 or later. For versions 3.x prior to 3.0P1, update to version 3.0P1 or later. As a temporary workaround, consider disabling the JDWP service until a patch is available.
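
One way to check whether a JVM on a host still has JDWP enabled, as an added example that is not NetApp's code or part of the original advisory: it scans Java command lines for the standard JDWP agent options and reports whether the debugger listens beyond loopback. The sample command lines, ports and jar names are constructed, and the advisory does not state how the installer enables JDWP.

```python
import re
import shlex

# Both spellings the JVM accepts for loading the JDWP agent.
JDWP_OPT = re.compile(r"^-(?:agentlib:jdwp=|Xrunjdwp:)(?P<params>.+)$")
LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}

def parse_jdwp(arg):
    """Return the JDWP sub-options of one JVM argument as a dict, else None."""
    m = JDWP_OPT.match(arg)
    if not m:
        return None
    pairs = (kv.split("=", 1) for kv in m.group("params").split(",") if "=" in kv)
    return {k.strip(): v.strip() for k, v in pairs}

def classify(opts):
    """Say who can reach the debugger described by these sub-options."""
    if opts.get("transport") == "dt_shmem":
        return "local-only"      # shared memory, no network socket
    if opts.get("server", "n") != "y":
        return "outbound"        # JVM dials out to a debugger, no listener
    host = opts.get("address", "").rpartition(":")[0]
    if host in LOOPBACK:
        return "loopback"
    # A bare port (empty host) listens on every interface on Java 8 and
    # earlier; newer JVMs bind it to loopback. Reported as exposed so the
    # result is reviewed rather than assumed safe.
    return "exposed"

def audit(command_lines):
    """Return (pid, verdict, raw option) for every JVM started with JDWP."""
    findings = []
    for line in command_lines:
        pid, *argv = shlex.split(line)
        for arg in argv:
            opts = parse_jdwp(arg)
            if opts is not None:
                findings.append((int(pid), classify(opts), arg))
    return findings

# Constructed sample input in "pid command line" form; not taken from a real host.
SAMPLE = [
    "4101 java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8787 -jar app.jar",
    "4102 java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=127.0.0.1:5005 -jar svc.jar",
    "4103 java -Xmx512m -jar plain.jar",
    "4104 java -agentlib:jdwp=transport=dt_socket,server=y,address=*:8000 -jar other.jar",
]

if __name__ == "__main__":
    for pid, verdict, arg in audit(SAMPLE):
        print(pid, verdict, arg)
```

Any "exposed" finding on an affected version means the workaround has not taken effect for that process.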

Exploit

Fix

Weakness Enumeration

Related Identifiers

BDU:2015-10353
CVE-2015-3292

Affected Products

Netapp Oncommand Workflow Automation