CVE-2018-5488

EPSS 2.24%
Published 13.06.2018 20:29:00
Last modified 21.11.2024 04:08:53
Source security-alert@netapp.com
Teams watchlist Login
Open Login

NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Netapp ≫ Santricity Storage Manager Version >= 11.30.0x00.0004 <= 11.42.0x00.0001

Netapp ≫ Santricity Web Services Proxy Version >= 1.10.x000.0002 <= 2.12.x000.0002

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.24%	0.83

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/104462

Third Party Advisory

VDB Entry

https://security.netapp.com/advisory/ntap-20180612-0001/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-5488

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-5488

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-5488

EUVD