CVE-2018-5488

EPSS 2.24%
Veröffentlicht 13.06.2018 20:29:00
Zuletzt bearbeitet 21.11.2024 04:08:53
Quelle security-alert@netapp.com
Teams Watchlist Login
Unerledigt Login

NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netapp ≫ Santricity Storage Manager Version >= 11.30.0x00.0004 <= 11.42.0x00.0001

Netapp ≫ Santricity Web Services Proxy Version >= 1.10.x000.0002 <= 2.12.x000.0002

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.24%	0.83

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/104462

Third Party Advisory

VDB Entry

https://security.netapp.com/advisory/ntap-20180612-0001/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-5488

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-5488

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-5488

EUVD