Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for SANtricity Products by NetApp

    CVE-2018-5488 (GCVE-0-2018-5488)

    Vulnerability from nvd – Published: 2018-06-13 20:00 – Updated: 2024-09-16 23:01
    VLAI
    Summary
    NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.
    Severity
    No CVSS data available.
    CWE
    • Unauthenticated Remote Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    NetApp SANtricity Products Affected: SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001
    Create a notification for this product.
    Date Public
    2018-06-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:50.644Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104462",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104462"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20180612-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SANtricity Products",
              "vendor": "NetApp",
              "versions": [
                {
                  "status": "affected",
                  "version": "SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001"
                }
              ]
            }
          ],
          "datePublic": "2018-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unauthenticated Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-15T09:57:01.000Z",
            "orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
            "shortName": "netapp"
          },
          "references": [
            {
              "name": "104462",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104462"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20180612-0001/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@netapp.com",
              "DATE_PUBLIC": "2018-06-12T00:00:00",
              "ID": "CVE-2018-5488",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SANtricity Products",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetApp"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unauthenticated Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104462",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104462"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20180612-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20180612-0001/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
        "assignerShortName": "netapp",
        "cveId": "CVE-2018-5488",
        "datePublished": "2018-06-13T20:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:01:43.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5488 (GCVE-0-2018-5488)

    Vulnerability from cvelistv5 – Published: 2018-06-13 20:00 – Updated: 2024-09-16 23:01
    VLAI
    Summary
    NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.
    Severity
    No CVSS data available.
    CWE
    • Unauthenticated Remote Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    NetApp SANtricity Products Affected: SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001
    Create a notification for this product.
    Date Public
    2018-06-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:50.644Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104462",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104462"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20180612-0001/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SANtricity Products",
              "vendor": "NetApp",
              "versions": [
                {
                  "status": "affected",
                  "version": "SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001"
                }
              ]
            }
          ],
          "datePublic": "2018-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Unauthenticated Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-06-15T09:57:01.000Z",
            "orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
            "shortName": "netapp"
          },
          "references": [
            {
              "name": "104462",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104462"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20180612-0001/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@netapp.com",
              "DATE_PUBLIC": "2018-06-12T00:00:00",
              "ID": "CVE-2018-5488",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SANtricity Products",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NetApp"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Unauthenticated Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104462",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104462"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20180612-0001/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20180612-0001/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
        "assignerShortName": "netapp",
        "cveId": "CVE-2018-5488",
        "datePublished": "2018-06-13T20:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:01:43.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }