CVE-2018-5485 — Improper Privilege Management in Oncommand Unified Manager

3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 61.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp Oncommand Unified Manager Netapp Oncommand Unified Manager FOR Windows

Timeline

PublishedMay 24

Latest updateMay 13

Description

NetApp OnCommand Unified Manager for Windows versions 7.2 through 7.3 are susceptible to a vulnerability which could lead to a privilege escalation attack.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5netapp/oncommand_unified_manager_for_windowsVersions 7.2 though 7.3

▶NVDnetapp/oncommand_unified_manager7.2 — 7.3

Patches

Patch: security.netapp.com ↗Patch: security.netapp.com ↗

🔴Vulnerability Details

GHSA

GHSA-x8q3-q9x3-w9jr: NetApp OnCommand Unified Manager for Windows versions 7↗2022-05-13

▶

CVEList

CVE-2018-5485: NetApp OnCommand Unified Manager for Windows versions 7↗2018-05-24

▶