{"status":"success","advisory":{"_id":"683547205b16347a91c39c5c","kb_acknowledgements":null,"kb_affected_list":["OnCommand Balance","OnCommand Insight","OnCommand Performance Manager (Unified Manager Performance Pkg)","OnCommand Report","OnCommand Unified Manager Core Package","OnCommand Unified Manager for Clustered Data ONTAP","OnCommand Workflow Automation"],"kb_bad_data":false,"kb_cve":["CVE-2015-2575"],"kb_exploitation":"Public","kb_fixes":[{"product":"OnCommand Insight","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/sanscreen/7.1.2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Balance","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/oncommand_ib/4.2.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Unified Manager for Clustered Data ONTAP","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/oncommand_cdot_lin/6.2P1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/oncommand_cdot/6.2P1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Report","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://mysupport.netapp.com/info/communications/ECMP1397557.html"},{"product":"OnCommand Performance Manager (Unified Manager Performance Pkg)","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/oncommand_pm_linux/1.1P1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/oncommand_pm/1.1P1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Workflow Automation","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ocwfa/3.1/","cves":[]},{"link":"http://mysupport.netapp.com/NOW/download/software/ocwfa_linux/3.1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Unified Manager Core Package","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2853558.html"}],"kb_impact":"Exploitation of this vulnerability may lead to unauthorized read, update, insert or delete access to a subset of MySQL Connector accessible data.","kb_internal_notes":[{"burt":"907649","jira":"","product":"OnCommand Balance"},{"burt":"907655","jira":"","product":"OnCommand Insight"},{"burt":"907654","jira":"","product":"OnCommand Performance Manager (Unified Manager Performance Pkg)"},{"burt":"907652","jira":"","product":"OnCommand Report"},{"burt":"907650","jira":"","product":"OnCommand Unified Manager Core Package"},{"burt":"907653","jira":"","product":"OnCommand Unified Manager for Clustered Data ONTAP"},{"burt":"907659","jira":"","product":"OnCommand Workflow Automation"},{"burt":"907656","jira":"","product":"Storage Services Connector"},{"burt":"907657","jira":"","product":"StorageGRID9 (9.x and prior)"},{"burt":"907648","jira":"","product":"System Manager 9.x"},{"burt":"907658","jira":"","product":"Virtual Storage Console for VMware vSphere 9.7 and above"}],"kb_investigating_list":[],"kb_num":"9010036","kb_ref":["http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html","http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html#MSQL"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20150417","version":"1.0"},{"comment":"Updated Affected Products & Software Versions and Fixes","date":"20150526","version":"2.0"},{"comment":"Updated Software Versions and Fixes","date":"20150527","version":"3.0"},{"comment":"StorageGRID & Storage Services Connector added to Products Not Affected","date":"20150626","version":"4.0"},{"comment":"OnCommand Workflow Automation added to Software Versions and Fixes","date":"20151016","version":"5.0"},{"comment":"OnCommand Report added to Affected Products; OnCommand Insight & OnCommand Report added to Software Versions and Fixes","date":"20151222","version":"6.0"},{"comment":"OnCommand Balance added to Software Versions and Fixes","date":"20160510","version":"7.0"},{"comment":"OnCommand Unified Manager Core Package (5.x) added to Software Versions and Fixes; Final status","date":"20160831","version":"8.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2015-2575":"CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:P/A:N/E:U/RL:U/RC:C"},"kb_scoring_calc":[{"cve_id":"CVE-2015-2575","range":"MEDIUM","score":4.2,"vector":"AV:N/AC:M/Au:S/C:P/I:P/A:N/E:U/RL:U/RC:C"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate Oracle MySQL Connector/J, the official JDBC driver for MySQL. MySQL Connector/J versions below 5.1.35 are susceptible to a vulnerability that could lead to unauthorized read, update, insert or delete access to a subset of MySQL Connector accessible data. This advisory will be updated as additional information becomes available.","kb_title":"CVE-2015-2575 MySQL Connector/J Vulnerability in Multiple NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","ATTO FibreBridge - 6500N","Brocade Fabric Operating System Firmware","Cloud Manager","Clustered Data ONTAP","Clustered Data ONTAP Antivirus Connector","E-Series SANtricity Storage Manager","E-Series SANtricity Web Services (REST API) for Web Services Proxy","FAS/AFF BIOS","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","NetApp Cloud Backup (formerly AltaVault)","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp SANtricity SMI-S Provider","NetApp SMI-S Provider","NetApp Storage Encryption","Open Systems SnapVault Agent","Service Processor","Single Mailbox Recovery","Snap Creator Framework","SnapDrive for Unix","SnapManager for Exchange","SnapManager for Hyper-V","SnapManager for Oracle","SnapManager for SAP","SnapManager for Sharepoint","Storage Services Connector","StorageGRID (formerly StorageGRID Webscale)","StorageGRID9 (9.x and prior)","System Manager 9.x","Virtual Storage Console for VMware vSphere 9.7 and above"],"kb_workarounds":null,"ntap_advisory_id":"NTAP-20150417-0003","adv_id":"ntap-20150417-0003","published_date":"2015-04-17T00:00:00","updated_date":"2016-08-31T00:00:00","inserted_date":"2025-05-27T05:01:20.068000","modified_date":null}}