Vulnerability Details : CVE-2022-23235
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled.
Vulnerability category: Information leak
Products affected by CVE-2022-23235
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:9.10:-:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:9.10:-:*:*:*:linux:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:9.10:-:*:*:*:windows:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-23235
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 29 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-23235
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2022-23235
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-23235
-
https://security.netapp.com/advisory/ntap-20220324-0001/
CVE-2022-23235 Information Disclosure Vulnerability in Active IQ Unified Manager | NetApp Product SecurityPatch;Vendor Advisory
Jump to