{"status":"success","advisory":{"_id":"683547255b16347a91c39db3","kb_acknowledgements":null,"kb_affected_list":["Element Plug-in for vCenter Server","NetApp VASA Provider for Clustered Data ONTAP 9.7 and above","OnCommand System Manager 3.x ","Snap Creator Framework","SnapCenter","SnapManager for Oracle","SnapManager for SAP","Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere 9.7 and above","Virtual Storage Console for VMware vSphere 9.7 and above"],"kb_bad_data":false,"kb_cve":["CVE-2019-10241","CVE-2019-10246","CVE-2019-10247"],"kb_exploitation":"Public","kb_fixes":[{"product":"Element Plug-in for vCenter Server","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/mgmtservices/downloads-tab/download/63086/2.18.91","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp VASA Provider for Clustered Data ONTAP 9.7 and above","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/vasa_cdot/9.6/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand System Manager 3.x ","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2865102.html"},{"product":"Snap Creator Framework","fixes":[{"link":"https://mysupport.netapp.com/products/snapcreator/4.3.3P1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapCenter","fixes":[{"link":"https://mysupport.netapp.com/products/snapcenter/4.1.1P3/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapManager for Oracle","fixes":[{"link":"https://mysupport.netapp.com/products/snapmanager_oracle/3.4.2P2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapManager for SAP","fixes":[{"link":"https://mysupport.netapp.com/products/snapmanager_sap/3.4.2P2/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Storage Replication Adapter for Clustered Data ONTAP for 
VMware vSphere 9.7 and above","fixes":[{"link":"https://mysupport.netapp.com/NOW/download/software/sra_cmode/9.6/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Virtual Storage Console for VMware vSphere 9.7 and above","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/vsc/docsandkb-tab/download/30048/9.7P1/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Successful exploitation of these vulnerabilities could lead to disclosure of sensitive information or addition or modification of data.","kb_internal_notes":[{"burt":"1235342","jira":"","product":"Active IQ Unified Manager for Linux"},{"burt":"1235344","jira":"","product":"Active IQ Unified Manager for Microsoft Windows"},{"burt":"1235343","jira":"","product":"Active IQ Unified Manager for VMware vSphere"},{"burt":"1235331","jira":"","product":"E-Series SANtricity Management Plug-ins (VMware vCenter)"},{"burt":"1235334","jira":"","product":"E-Series SANtricity OS Controller Software 11.x"},{"burt":"1235332","jira":"","product":"E-Series SANtricity Unified Manager and Web Services Proxy"},{"burt":"1352727","jira":"","product":"Element Plug-in for vCenter Server"},{"burt":"1235339","jira":"","product":"NetApp BlueXP"},{"burt":"1235336","jira":"","product":"NetApp Converged Systems Advisor Agent"},{"burt":"1235337","jira":"","product":"NetApp NFS Plug-in for VMware VAAI"},{"burt":"1235333","jira":"","product":"NetApp SANtricity Cloud Connector"},{"burt":"1352743","jira":"","product":"NetApp SolidFire & HCI Management Node"},{"burt":"1352771","jira":"","product":"NetApp SolidFire & HCI Storage Node (Element Software)"},{"burt":"1235338","jira":"","product":"NetApp VASA Provider for Clustered Data ONTAP 9.7 and above"},{"burt":"","jira":"ICI-6180","product":"OnCommand Insight"},{"burt":"1235340","jira":"","product":"OnCommand System Manager 3.x "},{"burt":"1235341","jira":"","product":"OnCommand Unified Manager Core 
Package"},{"burt":"1235346","jira":"","product":"Snap Creator Framework"},{"burt":"1235345","jira":"","product":"SnapCenter"},{"burt":"1235347","jira":"","product":"SnapManager for Oracle"},{"burt":"1235348","jira":"","product":"SnapManager for SAP"},{"burt":"1235335","jira":"","product":"Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere 9.7 and above"},{"burt":"1235349","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"},{"burt":"1235350","jira":"","product":"Virtual Storage Console for VMware vSphere 9.7 and above"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":["https://bugs.eclipse.org/bugs/show_bug.cgi?id=546121","https://bugs.eclipse.org/bugs/show_bug.cgi?id=546576","https://bugs.eclipse.org/bugs/show_bug.cgi?id=546577"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20190509","version":"1.0"},{"comment":"E-Series SANtricity Web Services (REST API) for Web Services Proxy moved to Products Not Affected","date":"20190516","version":"2.0"},{"comment":"NetApp NFS Plug-in for VMware VAAI moved to Products Not Affected","date":"20190524","version":"3.0"},{"comment":"SnapCenter added to Software Versions and Fixes","date":"20190530","version":"4.0"},{"comment":"Element plug-in for vCenter Server (formerly VCP), Element Software (formerly SolidFire Element OS), Element Software Management Node and NetApp HCI Storage Nodes moved to Affected Products","date":"20190613","version":"5.0"},{"comment":"NetApp Converged Systems Advisor moved to Products Not Affected","date":"20190715","version":"6.0"},{"comment":"Snap Creator Framework added to Software Versions and Fixes","date":"20190820","version":"7.0"},{"comment":"NetApp VASA Provider for Clustered Data ONTAP 7.2 and above, Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere 7.2 and above added to Software Versions and Fixes","date":"20190821","version":"8.0"},{"comment":"SnapManager for Oracle and SnapManager for SAP added to Software 
Versions and Fixes","date":"20191231","version":"9.0"},{"comment":"Storage Services Connector moved to Affected Products","date":"20200327","version":"10.0"},{"comment":"Virtual Storage Console for VMware vSphere 7.2 and above added to Software Versions and Fixes","date":"20200513","version":"11.0"},{"comment":"OnCommand Insight moved to Products Not Affected","date":"20200917","version":"12.0"},{"comment":"OnCommand Cloud Manager moved to Products Not Affected","date":"20201211","version":"13.0"},{"comment":"OnCommand System Manager 3.x moved to Won't Fix status","date":"20210104","version":"14.0"},{"comment":"After additional review NetApp SolidFire & HCI Management Node, and NetApp SolidFire & HCI Storage Node (Element Software) moved from Affected Products to Products Not Affected","date":"20210216","version":"15.0"},{"comment":"Element Plug-in for vCenter Server added to Software Versions and Fixes, Final status","date":"20210608","version":"16.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2019-10241":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N","CVE-2019-10246":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","CVE-2019-10247":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},"kb_scoring_calc":[{"cve_id":"CVE-2019-10241","range":"MEDIUM","score":4.7,"vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"},{"cve_id":"CVE-2019-10246","range":"MEDIUM","score":5.3,"vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"cve_id":"CVE-2019-10247","range":"MEDIUM","score":5.3,"vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate Eclipse Jetty server. 
Eclipse Jetty versions 7.x, 8.x, 9.0 prior to 9.2.28, 9.3.27, 9.4.17 are susceptible to vulnerabilities which, when successfully exploited, could lead to disclosure of sensitive information or addition or modification of data.","kb_title":"April 2019 Eclipse Jetty Vulnerabilities in NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","Active IQ Unified Manager for Linux","Active IQ Unified Manager for Microsoft Windows","Active IQ Unified Manager for VMware vSphere","Active IQ mobile app","Astra Trident","Brocade Fabric Operating System Firmware","E-Series SANtricity Management Plug-ins (VMware vCenter)","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Storage Manager","E-Series SANtricity Unified Manager and Web Services Proxy","FAS/AFF BIOS - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - A320/C190/A220/FAS2720/FAS2750/A800/C800/A150","FAS/AFF Service Processor - 8080/8060/8040/8020","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","IOM6 SAS Disk Shelf Firmware","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp BlueXP","NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in)","NetApp Converged Systems Advisor Agent","NetApp HCI Compute Node (Bootstrap OS)","NetApp HCI Compute Node BIOS","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp ONTAP PowerShell Toolkit (PSTK)","NetApp SANtricity Cloud Connector","NetApp SMI-S Provider","NetApp SolidFire & HCI Management Node","NetApp SolidFire & HCI Storage Node (Element Software)","ONTAP 9 (formerly Clustered Data ONTAP)","ONTAP Antivirus Connector","ONTAP Select Deploy administration utility","OnCommand Insight","OnCommand Unified Manager Core Package","Single Mailbox Recovery","SnapManager for Hyper-V","StorageGRID (formerly StorageGRID Webscale)","StorageGRID Baseboard Management Controller (BMC)","System Manager 9.x","OnCommand Workflow Automation"],"kb_workarounds":"None at this 
time.","ntap_advisory_id":"NTAP-20190509-0003","adv_id":"ntap-20190509-0003","published_date":"2019-05-09T00:00:00","updated_date":"2021-06-08T00:00:00","inserted_date":"2025-05-27T05:01:25.548000","modified_date":null}}