{"status":"success","advisory":{"_id":"683547205b16347a91c39c7a","kb_acknowledgements":null,"kb_affected_list":["OnCommand Workflow Automation"],"kb_bad_data":false,"kb_cve":["CVE-2016-1894"],"kb_exploitation":"Not public","kb_fixes":[{"product":"OnCommand Workflow Automation","fixes":[{"link":"http://mysupport.netapp.com/NOW/download/software/ocwfa/4.0/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Exploitation of this vulnerability may lead to unauthorized disclosure of sensitive information in cleartext, unauthorized modification of information, and/or disruption of service of OnCommand Workflow Automation or its associated data sources.","kb_internal_notes":[{"burt":"976096","jira":"","product":"OnCommand Workflow Automation"}],"kb_investigating_list":[],"kb_num":"9010068","kb_ref":["https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1894"],"kb_rev_history":[{"comment":"Initial Public Release; Final status","date":"20160311","version":"1.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2016-1894":"CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C"},"kb_scoring_calc":[{"cve_id":"CVE-2016-1894","range":"CRITICAL","score":9.3,"vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C"}],"kb_status":"Final","kb_summary":"All versions of OnCommand Workflow Automation below 3.1P2 for both Linux and Windows platforms are susceptible to an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this to obtain sensitive information in cleartext. All customers are STRONGLY urged to upgrade to a fixed version IMMEDIATELY and change passwords for all configured data sources as a precaution.","kb_title":"CVE-2016-1894 Authentication Bypass Vulnerability in OnCommand Workflow Automation","kb_unaffected_list":["7-Mode Transition Tool","ATTO FibreBridge - 6500N","Brocade Fabric Operating System Firmware","Cloud Manager","Clustered Data ONTAP","Clustered Data ONTAP Antivirus Connector","E-Series SANtricity Storage Manager","E-Series SANtricity Web Services (REST API) for Web Services Proxy","FAS/AFF BIOS","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp Cloud Backup (formerly AltaVault)","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp SANtricity SMI-S Provider","NetApp SMI-S Provider","NetApp Storage Encryption","OnCommand Insight","Open Systems SnapVault Agent","Service Processor","Single Mailbox Recovery","Snap Creator Framework","SnapCenter","SnapDrive for Unix","SnapManager for Exchange","SnapManager for Hyper-V","SnapManager for Oracle","SnapManager for SAP","SnapManager for Sharepoint","Storage Services Connector","StorageGRID (formerly StorageGRID Webscale)","StorageGRID9 (9.x and prior)","System Manager 9.x"],"kb_workarounds":"None.","ntap_advisory_id":"NTAP-20160310-0001","adv_id":"ntap-20160310-0001","published_date":"2016-03-10T00:00:00","updated_date":"2016-03-11T00:00:00","inserted_date":"2025-05-27T05:01:20.557000","modified_date":null}}