CVE-2018-5488

Severity
9.8 CRITICAL
EPSS
2.1%
top 15.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 13
Latest update: May 14

Description

NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

NVD | netapp/santricity_web_services_proxy | 1.10.x000.0002 through 2.12.x000.0002
NVD | netapp/santricity_storage_manager | 11.30.0x00.0004 through 11.42.0x00.0001
CVEListV5 | netapp/santricity_products | SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001

🔴 Vulnerability Details (2)

GHSA | GHSA-vwv4-7jrf-phmx: NetApp SANtricity Web Services Proxy versions 1 | 2022-05-14
CVEList | CVE-2018-5488: NetApp SANtricity Web Services Proxy versions 1 | 2018-06-13

💥 Exploits & PoCs (1)

Exploit-DB | NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection (File Disclosure) | 2018-09-06