PT-2017-17677 · Netapp+1 · Oncommand Performance Manager+2

Published

2017-04-10

Updated

2017-04-17

CVE-2017-7345

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP versions prior to 7.1P1

Description The issue allows remote attackers to obtain sensitive information via unspecified vectors due to the improper binding of the Java Management Extension Remote Method Invocation (JMX RMI) service to the network.

Recommendations For versions prior to 7.1P1, update to version 7.1P1 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-7345

Affected Products

Java Management Extension Remote Method Invocation

Oncommand Performance Manager

Netapp Oncommand Unified Manager For Clustered Data Ontap

PT-2017-17677 · Netapp+1 · Oncommand Performance Manager+2

CVE-2017-7345

Weakness Enumeration

Related Identifiers

Affected Products

References · 4