{"status":"success","advisory":{"_id":"683547205b16347a91c39c8d","kb_acknowledgements":"NetApp would like to thank Google ISA Assessments for reporting this vulnerability in OnCommand Insight.","kb_affected_list":["MetroCluster Plug-in for vSphere","OnCommand Insight","RapidData Migration Solution"],"kb_bad_data":false,"kb_cve":["CVE-2015-3253"],"kb_exploitation":"Public","kb_fixes":[{"product":"RapidData Migration Solution","fixes":[],"instructions":null,"wontfix":true,"eos_link":null},{"product":"MetroCluster Plug-in for vSphere","fixes":[],"instructions":null,"wontfix":true,"eos_link":"http://library-clnt.dmz.netapp.com/info/communications/ECMLP2415723.html"},{"product":"OnCommand Insight","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/sanscreen_linux/7.2.2/","cves":[]},{"link":"https://mysupport.netapp.com/NOW/download/software/sanscreen/7.2.2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Successful exploitation of this vulnerability may lead to a denial of service or arbitrary code execution.","kb_internal_notes":[{"burt":"","jira":"","product":"E-Series SANtricity Management Plug-ins (VMware SRA)"},{"burt":"","jira":"","product":"E-Series SANtricity Management Plug-ins (VMware VASA (Windows))"},{"burt":"","jira":"","product":"E-Series SANtricity Management Plug-ins (VMware vCenter (Linux))"},{"burt":"","jira":"","product":"E-Series SANtricity Management Plug-ins (VMware vCenter)"},{"burt":"929421","jira":"","product":"MetroCluster Plug-in for vSphere"},{"burt":"929429","jira":"","product":"NetApp VASA Provider for Clustered Data ONTAP 9.7 and above"},{"burt":"929420","jira":"","product":"OnCommand Balance"},{"burt":"929424","jira":"IBG-7168","product":"OnCommand Insight"},{"burt":"929423","jira":"","product":"OnCommand Performance Manager (Unified Manager Performance Pkg)"},{"burt":"929419","jira":"","product":"OnCommand Plug-in for Microsoft"},{"burt":"929422","jira":"","product":"OnCommand Unified Manager for Clustered Data ONTAP"},{"burt":"929417","jira":"","product":"RapidData Migration Solution"},{"burt":"929426","jira":"","product":"SnapManager for Oracle"},{"burt":"929427","jira":"","product":"SnapManager for SAP"},{"burt":"929425","jira":"","product":"Storage Services Connector"},{"burt":"929428","jira":"","product":"Virtual Storage Console for VMware vSphere 9.7 and above"}],"kb_investigating_list":[],"kb_num":"9010086","kb_ref":["https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3253","http://groovy-lang.org/security.html"],"kb_rev_history":[{"comment":"Initial Public Release; Final status","date":"20160623","version":"1.0"}],"kb_revised_list":[],"kb_scoring":{"":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"kb_scoring_calc":[{"cve_id":"","range":"CRITICAL","score":9.8,"vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"kb_status":"Final","kb_summary":"OnCommand Insight prior to version 7.2.2 is susceptible to a vulnerability in Apache Groovy which could, under certain circumstances, allow attackers to execute arbitrary code or cause a denial of service. Users are encouraged to upgrade to a fixed version to resolve this vulnerability.","kb_title":"CVE-2015-3253 Apache Groovy Vulnerability in OnCommand Insight","kb_unaffected_list":["7-Mode Transition Tool","ATTO FibreBridge - 6500N","Brocade Fabric Operating System Firmware","Cloud Manager","Clustered Data ONTAP","Clustered Data ONTAP Antivirus Connector","E-Series SANtricity Management Plug-ins (VMware SRA)","E-Series SANtricity Management Plug-ins (VMware VASA (Windows))","E-Series SANtricity Management Plug-ins (VMware vCenter (Linux))","E-Series SANtricity Management Plug-ins (VMware vCenter)","E-Series SANtricity Storage Manager","E-Series SANtricity Web Services (REST API) for Web Services Proxy","FAS/AFF BIOS","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","NetApp Cloud Backup (formerly AltaVault)","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp SANtricity SMI-S Provider","NetApp SMI-S Provider","NetApp Storage Encryption","NetApp VASA Provider for Clustered Data ONTAP 9.7 and above","OnCommand Balance","OnCommand Performance Manager (Unified Manager Performance Pkg)","OnCommand Plug-in for Microsoft","OnCommand Unified Manager for Clustered Data ONTAP","OnCommand Workflow Automation","Open Systems SnapVault Agent","Service Processor","Single Mailbox Recovery","Snap Creator Framework","SnapDrive for Unix","SnapManager for Exchange","SnapManager for Hyper-V","SnapManager for Oracle","SnapManager for SAP","SnapManager for Sharepoint","Storage Services Connector","StorageGRID (formerly StorageGRID Webscale)","StorageGRID9 (9.x and prior)","System Manager 9.x","Virtual Storage Console for VMware vSphere 9.7 and above"],"kb_workarounds":"None.","ntap_advisory_id":"NTAP-20160623-0001","adv_id":"ntap-20160623-0001","published_date":"2016-06-23T00:00:00","updated_date":"2016-06-23T00:00:00","inserted_date":"2025-05-27T05:01:20.846000","modified_date":null}}