CVE-2015-3292

NetApp OnCommand Workflow Automation <3.0P1 - RCE

Title source: llm

Description

The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotemultiple

https://www.exploit-db.com/exploits/33789

View Code ZIP pw:eip

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/74891

[Vendor Advisory] https://kb.netapp.com/support/index?page=content&id=9010037

Scores

EPSS 0.2839

EPSS Percentile 96.5%

Details

CWE

CWE-17

Status published

Products (2)

netapp/oncommand_workflow_automation 3.0

netapp/oncommand_workflow_automation < 2.2.1

Published May 31, 2015

Tracked Since Feb 18, 2026