CVE-2017-7345
MEDIUMNetApp Clustered Data ONTAP < 7.1 - Unauthenticated Exposure of Sensitive Information via JMX RMI
Title source: llmDescription
NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://kb.netapp.com/support/s/article/NTAP-20170331-0002
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/97537
Scores
CVSS v3
5.3
EPSS
0.0169
EPSS Percentile
74.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
netapp/clustered_data_ontap
< 7.1
Published
Apr 10, 2017
Tracked Since
Feb 18, 2026