CVE-2015-3292 - The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up th

CVE-2015-3292

Summary

The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.

References

http://www.securityfocus.com/bid/74891
https://kb.netapp.com/support/index?page=content&id=9010037

Vulnerable Configurations

cpe:2.3:a:netapp:oncommand_workflow_automation:2.2.1:p1:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:2.2.1:p1:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:3.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:3.0:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 03-12-2016 - 03:09)
Impact:
Exploitability:

CWE

CWE-17

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	74891
confirm	https://kb.netapp.com/support/index?page=content&id=9010037

Last major update

03-12-2016 - 03:09

Published

31-05-2015 - 17:59

Last modified

03-12-2016 - 03:09