Vulnerability Details : CVE-2015-3292
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.
Vulnerability category: Execute code
Products affected by CVE-2015-3292
- cpe:2.3:a:netapp:oncommand_workflow_automation:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_workflow_automation:3.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3292
9.29%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-3292
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2015-3292
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3292
-
https://kb.netapp.com/support/index?page=content&id=9010037
CVE-2015-3292 OnCommand Workflow Automation Remote Code Execution Vulnerability | NetApp Product SecurityVendor Advisory
-
http://www.securityfocus.com/bid/74891
NetApp OnCommand Workflow Automation CVE-2015-3292 Remote Code Execution Vulnerability
Jump to