Description
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://security.netapp.com/advisory/ntap-20220324-0001/
Scores
CVSS v3
5.3
EPSS
0.0024
EPSS Percentile
46.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
Status
published
Products (2)
netapp/active_iq_unified_manager
9.10 (3 CPE variants)
netapp/active_iq_unified_manager
< 9.10 (3 CPE variants)
Published
Aug 25, 2022
Tracked Since
Feb 18, 2026