Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-3292

CWE-174 documents4 sources
Severity
10.0CRITICAL
EPSS
26.7%
top 3.66%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Netapp Oncommand Workflow Automation
Timeline
PublishedMay 31
Latest updateMay 17

Description

The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-4pf8-34m3-m5j2: The installer in NetApp OnCommand Workflow Automation before 22022-05-17
CVEList
CVE-2015-3292: The installer in NetApp OnCommand Workflow Automation before 22015-05-31

💥Exploits & PoCs

1
Exploit-DB
Java - Debug Wire Protocol Remote Code Execution (Metasploit)2014-06-17
CVE-2015-3292 (CRITICAL CVSS 10) | The installer in NetApp OnCommand W | cvebase.io