What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2018-5488.

What is the severity of CVE-2018-5488?

CVE-2018-5488 has a severity rating of 9.8 (Critical).

Which versions of NetApp SANtricity Storage Manager are affected by this vulnerability?

NetApp SANtricity Storage Manager versions 11.30.0X00.0004 through 11.42.0X00.0001 are affected by this vulnerability.

How can I fix CVE-2018-5488?

To fix CVE-2018-5488, it is recommended to apply the necessary updates or patches provided by NetApp.

Vulnerability/
CVE-2018-5488

critical

9.8

CWE

12/6/2018

5/8/2024

CVE-2018-5488: Input Validation

First published: Tue Jun 12 2018(Updated: )

NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 and SANtricity Storage Manager 11.30.0X00.0004 through 11.42.0X00.0001 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service bound to the network, and are susceptible to unauthenticated remote code execution.

Credit: security-alert@netapp.com

Affected Software	Affected Version	How to fix
Netapp Santricity Storage Manager	>=11.30.0x00.0004<=11.42.0x00.0001
NetApp SANtricity Web Services Proxy	>=1.10.x000.0002<=2.12.x000.0002

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2018-5488.
What is the severity of CVE-2018-5488?
CVE-2018-5488 has a severity rating of 9.8 (Critical).
Which versions of NetApp SANtricity Web Services Proxy are affected by this vulnerability?
NetApp SANtricity Web Services Proxy versions 1.10.x000.0002 through 2.12.X000.0002 are affected by this vulnerability.
Which versions of NetApp SANtricity Storage Manager are affected by this vulnerability?
NetApp SANtricity Storage Manager versions 11.30.0X00.0004 through 11.42.0X00.0001 are affected by this vulnerability.
How can I fix CVE-2018-5488?
To fix CVE-2018-5488, it is recommended to apply the necessary updates or patches provided by NetApp.

collector/nvd-index
agent/weakness
agent/type
agent/severity
agent/references
agent/author
agent/description
agent/tags
agent/event
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/netapp
canonical/netapp santricity storage manager
version/netapp santricity storage manager/11.30.0x00.0004
version/netapp santricity storage manager/11.42.0x00.0001
canonical/netapp santricity web services proxy
version/netapp santricity web services proxy/1.10.x000.0002
version/netapp santricity web services proxy/2.12.x000.0002

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.