{"status":"success","advisory":{"_id":"683547265b16347a91c39dd1","kb_acknowledgements":null,"kb_affected_list":["NetApp Cloud Backup (formerly AltaVault)","NetApp Converged Systems Advisor Agent"],"kb_bad_data":false,"kb_cve":["CVE-2019-10160"],"kb_exploitation":"Public","kb_fixes":[{"product":"NetApp Cloud Backup (formerly AltaVault)","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2880179.html"},{"product":"NetApp Converged Systems Advisor Agent","fixes":[],"instructions":"Fixed by bug 1244624. First fixed versions include the following: 2007","wontfix":false,"eos_link":null}],"kb_impact":"Successful exploitation of this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).","kb_internal_notes":[{"burt":"","jira":"","product":"Element HealthTools"},{"burt":"1244625","jira":"","product":"NetApp Cloud Backup (formerly AltaVault)"},{"burt":"1244624","jira":"","product":"NetApp Converged Systems Advisor Agent"},{"burt":"","jira":"","product":"NetApp HCI Compute Node (Bootstrap OS)"},{"burt":"","jira":"","product":"NetApp HCI Storage Nodes"},{"burt":"","jira":"ICI-6290","product":"OnCommand Insight"},{"burt":"1244627","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":["https://python-security.readthedocs.io/vuln/urlsplit-nfkc-normalization2.html","https://github.com/python/cpython/commit/250b62acc59921d399f0db47db3b462cd6037e09","https://github.com/python/cpython/commit/8d0ef0b5edeae52960c7ed05ae8a12388324f87e","https://github.com/python/cpython/commit/f61599b050c621386a3fc6bc480359e2d3bb93de","https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20190617","version":"1.0"},{"comment":"Active IQ Performance Analytics Services added to Software Versions and Fixes","date":"20200327","version":"2.0"},{"comment":"NetApp Converged Systems Advisor Agent moved to Affected Products","date":"20200417","version":"3.0"},{"comment":"NetApp Cloud Backup (formerly AltaVault) moved to Won't Fix status","date":"20220106","version":"4.0"},{"comment":"NetApp Converged Systems Advisor Agent added to Software Versions and Fixes, Final status","date":"20221219","version":"5.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2019-10160":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"kb_scoring_calc":[{"cve_id":"CVE-2019-10160","range":"CRITICAL","score":9.8,"vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate Python. Python versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).","kb_title":"CVE-2019-10160 Python Vulnerability in NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","AFF Baseboard Management Controller (BMC) - A700s","Active IQ Unified Manager for Linux","Active IQ Unified Manager for Microsoft Windows","Active IQ Unified Manager for VMware vSphere","Active IQ mobile app","Astra Trident","Brocade Fabric Operating System Firmware","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Storage Manager","E-Series SANtricity Unified Manager and Web Services Proxy","Element HealthTools","Element Plug-in for vCenter Server","FAS/AFF BIOS - 8300/8700/A400","FAS/AFF Baseboard Management Controller (BMC) - A320/C190/A220/FAS2720/FAS2750/A800","FAS/AFF Service Processor - 8080/8060/8040/8020","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp BlueXP","NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in)","NetApp E-Series Performance Analyzer","NetApp HCI Compute Node (Bootstrap OS)","NetApp HCI Compute Node BIOS","NetApp HCI Storage Nodes","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp SMI-S Provider","NetApp SolidFire & HCI Management Node","NetApp SolidFire & HCI Storage Node (Element Software)","NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO)","ONTAP 9 (formerly Clustered Data ONTAP)","ONTAP Antivirus Connector","ONTAP Select Deploy administration utility","OnCommand Insight","OnCommand Workflow Automation","SAS Firmware","Single Mailbox Recovery","Snap Creator Framework","SnapCenter","SnapManager for Hyper-V","SolidFire Storage Replication Adapter","Storage Services Connector","StorageGRID (formerly StorageGRID Webscale)","StorageGRID Baseboard Management Controller (BMC)","System Manager 9.x"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20190617-0003","adv_id":"ntap-20190617-0003","published_date":"2019-06-17T00:00:00","updated_date":"2022-12-19T00:00:00","inserted_date":"2025-05-27T05:01:26.035000","modified_date":null}}