CVE-2018-5487

NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.

Published: May 24, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-5487
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
netapp / oncommand_unified_manager	7.2	7.3.x

https://security.netapp.com/advisory/ntap-20180523-0001/

Vulnerability Database

289,697

CVE-2018-5487