Description
Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://security.netapp.com/advisory/ntap-20200803-0001/
Scores
CVSS v3
7.8
EPSS
0.0016
EPSS Percentile
36.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
netapp/active_iq_unified_manager
< 9.6
Published
Aug 03, 2020
Tracked Since
Feb 18, 2026