{"status":"success","advisory":{"_id":"6835471f5b16347a91c39c3e","kb_acknowledgements":null,"kb_affected_list":["OnCommand Balance","OnCommand Insight","OnCommand Unified Manager Core Package","SnapCenter"],"kb_bad_data":false,"kb_cve":["CVE-2014-0114"],"kb_exploitation":"Public","kb_fixes":[{"product":"OnCommand Insight","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/sanscreen_linux/7.3.0/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/sanscreen/7.3.0/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Unified Manager Core Package","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/occore_win/5.2R1P1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/occore_lin/5.2R1P1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Balance","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/oncommand_ib/4.2.1","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapCenter","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/snapcenter/downloads-tab/download/62018/4.5","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Exploitation of this vulnerability may lead to unauthorized disclosure of information, unauthorized modification, and/or disruption of service.","kb_internal_notes":[{"burt":"824608","jira":"","product":"MetroCluster Plug-in for vSphere"},{"burt":"824610","jira":"","product":"OnCommand Balance"},{"burt":"824618","jira":"ICI-4230","product":"OnCommand Insight"},{"burt":"824612","jira":"","product":"OnCommand Unified Manager Core Package"},{"burt":"1381399","jira":"","product":"SnapCenter"}],"kb_investigating_list":[],"kb_num":"9010006","kb_ref":[],"kb_rev_history":[{"comment":"Initial Public Release","date":"20140911","version":"1.0"},{"comment":"KB transition - no content change","date":"20141003","version":"1.0 / KB 1.0"},{"comment":"Added link to the advisory; formatting; updated title and wording to be specifc to OnCommand Unified Manager Core Package (5.x)","date":"20141014","version":"KB 2.0"},{"comment":"Formatting","date":"20141030","version":"KB 3.0"},{"comment":"Final update","date":"20141223","version":"KB 4.0"},{"comment":"Added OnCommand Balance to the advisory.","date":"20160510","version":"KB 5.0"},{"comment":"Advisory moved to Interim status from Final and converted to a standard advisory format; OnCommand Insight added to Affected Products","date":"20161117","version":"KB 6.0"},{"comment":"OnCommand Insight added to Software Versions and Fixes","date":"20170406","version":"7.0"},{"comment":"SnapCenter added to Software Versions and Fixes","date":"20210705","version":"8.0"}],"kb_revised_list":[],"kb_scoring":{"":"CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C"},"kb_scoring_calc":[{"cve_id":"","range":"MEDIUM","score":6.2,"vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate the Apache Commons BeanUtils librarary. Successful exploitation of this vulnerability may result in escalation of privileges and/or remote code execution.","kb_title":"CVE-2014-0114 Apache Commons BeanUtils Vulnerability in Multiple NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","ATTO FibreBridge - 6500N","Brocade Fabric Operating System Firmware","Cloud Manager","Clustered Data ONTAP","Clustered Data ONTAP Antivirus Connector","E-Series SANtricity Storage Manager","E-Series SANtricity Web Services (REST API) for Web Services Proxy","FAS/AFF BIOS","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","MetroCluster Plug-in for vSphere","NetApp Cloud Backup (formerly AltaVault)","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp SANtricity SMI-S Provider","NetApp SMI-S Provider","NetApp Storage Encryption","NetApp VASA Provider for Clustered Data ONTAP 9.6 and above","OnCommand Workflow Automation","Open Systems SnapVault Agent","Service Processor","Single Mailbox Recovery","Snap Creator Framework","SnapDrive for Unix","SnapManager for Exchange","SnapManager for Hyper-V","SnapManager for Oracle","SnapManager for SAP","SnapManager for Sharepoint","Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere 9.6 and above","Storage Services Connector","StorageGRID (formerly StorageGRID Webscale)","StorageGRID9 (9.x and prior)","System Manager 9.x","Virtual Storage Console for VMware vSphere 9.6 and above"],"kb_workarounds":"None","ntap_advisory_id":"NTAP-20140911-0001","adv_id":"ntap-20140911-0001","published_date":"2014-09-11T00:00:00","updated_date":"2021-07-05T00:00:00","inserted_date":"2025-05-27T05:01:19.585000","modified_date":null}}