Vulnerability Details : CVE-2020-8574
Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.
Products affected by CVE-2020-8574
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-8574
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-8574
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
References for CVE-2020-8574
-
https://security.netapp.com/advisory/ntap-20200803-0001/
CVE-2020-8574 Unauthorized Code Execution Vulnerability in Active IQ Unified Manager for Linux 7.3 and above | NetApp Product SecurityVendor Advisory
Jump to