CVE-2020-8574

Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
netappCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
netappactive_iq_unified_manager
𝑥
< 9.6
𝑥
= Vulnerable software versions
References
https://security.netapp.com/advisory/ntap-20200803-0001/
https://security.netapp.com/advisory/ntap-20200803-0001/