Remote Code Execution Vulnerability in NetApp OnCommand Workflow Automation
CVE-2015-3292

Currently unrated

Key Information:

Vendor
Netapp
Status
Oncommand Workflow Automation
Vendor
CVE Published:
31 May 2015

Summary

The installer in NetApp OnCommand Workflow Automation versions prior to 2.2.1P1 and 3.x versions before 3.0P1 is vulnerable due to its setup of the Java Debugging Wire Protocol (JDWP) service. This configuration enables remote attackers to exploit the system and execute arbitrary code through unspecified vectors, posing a serious risk to users and their data security.

References

http://www.securityfocus.com/bid/74891
vdb-entryx_refsource_BID
https://kb.netapp.com/support/index?page=content&id=9010037
x_refsource_CONFIRM

EPSS Score

30% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2015-3292 : Remote Code Execution Vulnerability in NetApp OnCommand Workflow Automation | SecurityVulnerability.io