CVE-2020-8574

EUVD-2020-29422
Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
netappactive_iq_unified_manager
𝑥
< 9.6
𝑥
= Vulnerable software versions
References
https://security.netapp.com/advisory/ntap-20200803-0001/
https://security.netapp.com/advisory/ntap-20200803-0001/