Remote Code Execution Vulnerability in NetApp OnCommand Workflow Automation
CVE-2015-3292

Currently unrated

Key Information:

Vendor: Netapp
Status: Oncommand Workflow Automation
Vendor: CVE Published:; 31 May 2015

What is CVE-2015-3292?

The installer in NetApp OnCommand Workflow Automation versions prior to 2.2.1P1 and 3.x versions before 3.0P1 is vulnerable due to its setup of the Java Debugging Wire Protocol (JDWP) service. This configuration enables remote attackers to exploit the system and execute arbitrary code through unspecified vectors, posing a serious risk to users and their data security.

References

http://www.securityfocus.com/bid/74891

vdb-entryx_refsource_BID

https://kb.netapp.com/support/index?page=content&id=9010037

x_refsource_CONFIRM

EPSS Score

30% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2015
Vulnerability Reserved
Apr 10, 2015

Netapp

What is CVE-2015-3292?

References

EPSS Score

Timeline