The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:CNetapp Oncommand Workflow Automation
APPNetapp3.0≤ 2.2.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
Related vulnerabilities
CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...
CVE-2024-28752CRITICAL9.3PL ✓ten sam produkt
SSRF w Apache CXF przez Aegis DataBinding — ataki na usługi webowe
CVE-2023-38545CRITICAL9.8ten sam produkt
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass a...
CVE-2022-37434CRITICAL9.8ten sam produkt
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large g...
CVE-2022-23852CRITICAL9.8ten sam produkt
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a no...