CVE-2022-23235 — Sensitive Information Exposure in Active IQ Unified Manager

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 53.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp Active IQ Unified Manager

Timeline

PublishedAug 25

Latest updateAug 26

Description

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDnetapp/active_iq_unified_manager< 9.10+1

▶CVEListV5netapp/active_iq_unified_managerprior to 9.10P1

Patches

Patch: security.netapp.com ↗Patch: security.netapp.com ↗

🔴Vulnerability Details

GHSA

GHSA-7677-xwx4-r4m4: Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9↗2022-08-26

▶

CVEList

CVE-2022-23235: Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9↗2022-08-25

▶