Unauthorized Access Flaw in Active IQ Unified Manager for VMware vSphere, Linux, and Windows
CVE-2022-23240

6.5MEDIUM

Key Information:

Vendor
Netapp
Status
Active Iq Unified Manager For Vmware Vsphere, Linux, And Microsoft Windows
Vendor
CVE Published:
28 February 2023

Summary

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions earlier than 9.11P1 contain a vulnerability that permits unauthorized users to manipulate EMS Subscriptions. This flaw exposes systems to potential exploitation through unspecified vectors, enabling attackers to gain unnecessary control over subscription configurations, which may lead to further security risks.

Affected Version(s)

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows prior to 9.11P1

References

https://security.netapp.com/advisory/ntap-20220901-0002/

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-23240 : Unauthorized Access Flaw in Active IQ Unified Manager for VMware vSphere, Linux, and Windows | SecurityVulnerability.io