CVE-2022-23235
Last modified
CVE-2022-23235 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled.. EPSS estimates a 0.51% chance of exploitation in the next 30 days.
Description
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Netapp | Active Iq Unified Manager | < 9.10 |
| Netapp | Active Iq Unified Manager | 9.10 |
References
- https://security.netapp.com/advisory/ntap-20220324-0001/Patch, Vendor Advisory
- https://security.netapp.com/advisory/ntap-20220324-0001/Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-23235?
How severe is CVE-2022-23235?
How do I fix CVE-2022-23235?
Are you affected by CVE-2022-23235?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST