CVE-2017-7345

MEDIUM

NetApp <7.1P1 - Info Disclosure

Title source: llm

Description

NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97537

[Vendor Advisory] https://kb.netapp.com/support/s/article/NTAP-20170331-0002

Scores

CVSS v3 5.3

EPSS 0.0020

EPSS Percentile 42.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (2)

netapp/clustered_data_ontap < 7.1

n/a/n/a

Timeline

Published Apr 10, 2017

Tracked Since Feb 18, 2026