CVE-2022-23240 — Improper Access Control in Active IQ Unified Manager

CWE-284 — Improper Access Control3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 51.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp Active IQ Unified Manager

Timeline

PublishedFeb 28

Latest updateMar 1

Description

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDnetapp/active_iq_unified_manager< 9.11p1

Patches

Patch: security.netapp.com ↗Patch: security.netapp.com ↗

🔴Vulnerability Details

GHSA

GHSA-2j4p-2hc9-62f4: Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9↗2023-03-01

▶

CVEList

CVE-2022-23240: Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9↗2023-02-28

▶