Unauthorized Access Flaw in Active IQ Unified Manager for VMware vSphere, Linux, and Windows
CVE-2022-23240

6.5MEDIUM

Key Information:

Vendor: Netapp
Status: Active Iq Unified Manager For Vmware Vsphere, Linux, And Microsoft Windows
Vendor: CVE Published:; 28 February 2023

What is CVE-2022-23240?

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions earlier than 9.11P1 contain a vulnerability that permits unauthorized users to manipulate EMS Subscriptions. This flaw exposes systems to potential exploitation through unspecified vectors, enabling attackers to gain unnecessary control over subscription configurations, which may lead to further security risks.

Affected Version(s)

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows prior to 9.11P1

References

https://security.netapp.com/advisory/ntap-20220901-0002/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 28, 2023
Vulnerability Reserved
Jan 14, 2022

Netapp

What is CVE-2022-23240?

Affected Version(s)

References

CVSS V3.1

Timeline