{"status":"success","advisory":{"_id":"683547265b16347a91c39e04","kb_acknowledgements":null,"kb_affected_list":["NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in)"],"kb_bad_data":false,"kb_cve":["CVE-2019-9511","CVE-2019-9513","CVE-2019-9516"],"kb_exploitation":"Public","kb_fixes":[{"product":"NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in)","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2848905.html"}],"kb_impact":"Successful exploitation of these vulnerabilities could lead to Denial of Service (DoS).","kb_internal_notes":[{"burt":"1261434","jira":"","product":"NetApp Cloud Backup (formerly AltaVault)"},{"burt":"1261432","jira":"","product":"NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in)"},{"burt":"","jira":"","product":"NetApp HCI Compute Node (Bootstrap OS)"},{"burt":"","jira":"","product":"NetApp SolidFire & HCI Management Node"},{"burt":"1261436","jira":"","product":"ONTAP Select Deploy administration utility"},{"burt":"1322373","jira":"","product":"SnapCenter Plug-in for VMware vSphere/BlueXP backup and Recovery for Virtual Machine"},{"burt":"1261437","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":["https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20190823","version":"1.0"},{"comment":"StorageGRID Webscale NAS Bridge moved to Products Not Affected","date":"20190830","version":"2.0"},{"comment":"NetApp Cloud Backup (formerly AltaVault) moved to Products Not Affected","date":"20190909","version":"3.0"},{"comment":"SnapCenter Plug-in for VMware vSphere moved to Products Not Affected","date":"20200522","version":"4.0"},{"comment":"NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in) moved to Won't Fix status, Final status","date":"20240102","version":"5.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2019-9511":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","CVE-2019-9513":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","CVE-2019-9516":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},"kb_scoring_calc":[{"cve_id":"CVE-2019-9511","range":"MEDIUM","score":6.5,"vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"cve_id":"CVE-2019-9513","range":"HIGH","score":7.5,"vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"cve_id":"CVE-2019-9516","range":"MEDIUM","score":6.5,"vector":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate NGINX. NGINX versions prior to 1.16.1 (stable), 1.17.3 (mainline) and NGINX Plus R18 P1 are susceptible to vulnerabilities which when successfully exploited could lead to Denial of Service (DoS).","kb_title":"August 2019 NGINX Vulnerabilities in NetApp Products","kb_unaffected_list":["AFF Baseboard Management Controller (BMC) - A700s","Active IQ Unified Manager for Linux","Active IQ Unified Manager for Microsoft Windows","Active IQ Unified Manager for VMware vSphere","Active IQ mobile app","Astra Trident","Brocade Fabric Operating System Firmware","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Unified Manager and Web Services Proxy","Element HealthTools","Element Plug-in for vCenter Server","FAS/AFF BIOS - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","IOM6 SAS Disk Shelf Firmware","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp BlueXP","NetApp Cloud Backup (formerly AltaVault)","NetApp Converged Systems Advisor Agent","NetApp HCI Compute Node (Bootstrap OS)","NetApp HCI Compute Node BIOS","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp ONTAP PowerShell Toolkit (PSTK)","NetApp SolidFire & HCI Management Node","NetApp SolidFire & HCI Storage Node (Element Software)","NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO)","ONTAP 9 (formerly Clustered Data ONTAP)","ONTAP Antivirus Connector","ONTAP Select Deploy administration utility","OnCommand Insight","OnCommand Workflow Automation","Single Mailbox Recovery","Snap Creator Framework","SnapCenter","SnapCenter Plug-in for VMware vSphere/BlueXP backup and Recovery for Virtual Machine","SnapManager for Hyper-V","SolidFire Storage Replication Adapter","StorageGRID (formerly StorageGRID Webscale)","StorageGRID Baseboard Management Controller (BMC)","System Manager 9.x"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20190823-0002","adv_id":"ntap-20190823-0002","published_date":"2019-08-23T00:00:00","updated_date":"2024-01-02T00:00:00","inserted_date":"2025-05-27T05:01:26.873000","modified_date":null}}