CVE-2018-5488

NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.

Published: Jun 13, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-5488
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
netapp / santricity_storage_manager	11.30.0x00.0004	11.42.0x00.0001.x
netapp / santricity_web_services_proxy	1.10.x000.0002	2.12.x000.0002.x

http://www.securityfocus.com/bid/104462
https://security.netapp.com/advisory/ntap-20180612-0001/

Vulnerability Database

289,697

CVE-2018-5488