cnvd - cnvd-2017-05426

cnvd-2017-05426

Vulnerability from cnvd

Title: NetApp OnCommand Performance Manager和OnCommand Unified Manager for Clustered Data ONTAP信息泄露漏洞

Description:

NetApp OnCommand Performance Manager和OnCommand Unified Manager for Clustered Data ONTAP都是美国NetApp公司的产品。前者是一套用于Data ONTAP集群环境中监视、管理和优化数据存储性能的软件；后者是用于监控集群模式Data ONTAP环境的运行状况并接收警报的管理软件。

NetApp OnCommand Performance Manager和OnCommand Unified Manager for Clustered Data ONTAP 7.1P1之前的版本中存在安全漏洞。由于程序未能正确的将Java Management Extension Remote Method Invocation (又叫JMX RMI)服务绑定到网络上。远程攻击者可利用该漏洞获取敏感信息。

Severity: 中

Patch Name: NetApp OnCommand Performance Manager和OnCommand Unified Manager for Clustered Data ONTAP信息泄露漏洞的补丁

Patch Description:

Formal description:

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接: https://kb.netapp.com/support/s/article/NTAP-20170331-0002

Reference: https://kb.netapp.com/support/s/article/NTAP-20170331-0002

Impacted products

Name
NetApp NetApp OnCommand Performance Manager <7.1P1

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "97537"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-7345",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7345"
    }
  },
  "description": "NetApp OnCommand Performance Manager\u548cOnCommand Unified Manager for Clustered Data ONTAP\u90fd\u662f\u7f8e\u56fdNetApp\u516c\u53f8\u7684\u4ea7\u54c1\u3002\u524d\u8005\u662f\u4e00\u5957\u7528\u4e8eData ONTAP\u96c6\u7fa4\u73af\u5883\u4e2d\u76d1\u89c6\u3001\u7ba1\u7406\u548c\u4f18\u5316\u6570\u636e\u5b58\u50a8\u6027\u80fd\u7684\u8f6f\u4ef6\uff1b\u540e\u8005\u662f\u7528\u4e8e\u76d1\u63a7\u96c6\u7fa4\u6a21\u5f0fData ONTAP\u73af\u5883\u7684\u8fd0\u884c\u72b6\u51b5\u5e76\u63a5\u6536\u8b66\u62a5\u7684\u7ba1\u7406\u8f6f\u4ef6\u3002\r\n\r\nNetApp OnCommand Performance Manager\u548cOnCommand Unified Manager for Clustered Data ONTAP 7.1P1\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5c06Java Management Extension Remote Method Invocation (\u53c8\u53ebJMX RMI)\u670d\u52a1\u7ed1\u5b9a\u5230\u7f51\u7edc\u4e0a\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "NetApp",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5:\r\nhttps://kb.netapp.com/support/s/article/NTAP-20170331-0002",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05426",
  "openTime": "2017-04-26",
  "patchDescription": "NetApp OnCommand Performance Manager\u548cOnCommand Unified Manager for Clustered Data ONTAP\u90fd\u662f\u7f8e\u56fdNetApp\u516c\u53f8\u7684\u4ea7\u54c1\u3002\u524d\u8005\u662f\u4e00\u5957\u7528\u4e8eData ONTAP\u96c6\u7fa4\u73af\u5883\u4e2d\u76d1\u89c6\u3001\u7ba1\u7406\u548c\u4f18\u5316\u6570\u636e\u5b58\u50a8\u6027\u80fd\u7684\u8f6f\u4ef6\uff1b\u540e\u8005\u662f\u7528\u4e8e\u76d1\u63a7\u96c6\u7fa4\u6a21\u5f0fData ONTAP\u73af\u5883\u7684\u8fd0\u884c\u72b6\u51b5\u5e76\u63a5\u6536\u8b66\u62a5\u7684\u7ba1\u7406\u8f6f\u4ef6\u3002\r\n\r\nNetApp OnCommand Performance Manager\u548cOnCommand Unified Manager for Clustered Data ONTAP 7.1P1\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5c06Java Management Extension Remote Method Invocation (\u53c8\u53ebJMX RMI)\u670d\u52a1\u7ed1\u5b9a\u5230\u7f51\u7edc\u4e0a\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NetApp OnCommand Performance Manager\u548cOnCommand Unified Manager for Clustered Data ONTAP\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "NetApp NetApp OnCommand Performance Manager \u003c7.1P1"
  },
  "referenceLink": "https://kb.netapp.com/support/s/article/NTAP-20170331-0002",
  "serverity": "\u4e2d",
  "submitTime": "2017-04-12",
  "title": "NetApp OnCommand Performance Manager\u548cOnCommand Unified Manager for Clustered Data ONTAP\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2017-7345 (GCVE-0-2017-7345)

Vulnerability from cvelistv5

Published

2017-04-10 15:00

Modified

2024-08-05 15:56

Severity ?

CWE

Summary

NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors.

References

▼	URL	Tags
	https://kb.netapp.com/support/s/article/NTAP-20170331-0002	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/97537	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:56:36.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.netapp.com/support/s/article/NTAP-20170331-0002"
          },
          {
            "name": "97537",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/97537"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-15T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.netapp.com/support/s/article/NTAP-20170331-0002"
        },
        {
          "name": "97537",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/97537"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-7345",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.netapp.com/support/s/article/NTAP-20170331-0002",
              "refsource": "CONFIRM",
              "url": "https://kb.netapp.com/support/s/article/NTAP-20170331-0002"
            },
            {
              "name": "97537",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/97537"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-7345",
    "datePublished": "2017-04-10T15:00:00",
    "dateReserved": "2017-03-30T00:00:00",
    "dateUpdated": "2024-08-05T15:56:36.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted