CVE-2018-5487: Input Validation
First published: Thu May 24 2018(Updated: )
NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.
Credit: security-alert@netapp.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NetApp OnCommand Unified Manager for Windows | >=7.2<=7.3 | |
| Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-5487?
CVE-2018-5487 is classified as a critical vulnerability due to the potential for unauthenticated remote code execution.
How do I fix CVE-2018-5487?
To mitigate CVE-2018-5487, disable the JMX RMI service or apply patches provided by NetApp for affected versions.
Which versions of NetApp OnCommand Unified Manager are affected by CVE-2018-5487?
CVE-2018-5487 affects NetApp OnCommand Unified Manager versions 7.2 through 7.3.
What type of vulnerability is CVE-2018-5487?
CVE-2018-5487 is a remote code execution vulnerability arising from a misconfigured service.
Can CVE-2018-5487 be exploited remotely?
Yes, CVE-2018-5487 can be exploited remotely due to the JMX RMI service being exposed on the network.
- agent/type
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/netapp
- canonical/netapp oncommand unified manager for windows
- version/netapp oncommand unified manager for windows/7.2
- version/netapp oncommand unified manager for windows/7.3
- vendor/linux
- canonical/linux kernel