{"status":"success","advisory":{"_id":"683547305b16347a91c39f94","kb_acknowledgements":null,"kb_affected_list":["Active IQ Unified Manager for VMware vSphere"],"kb_bad_data":false,"kb_cve":["CVE-2019-9674"],"kb_exploitation":"Public","kb_fixes":[{"product":"Active IQ Unified Manager for VMware vSphere","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/activeiq-unified-manager/downloads-tab/download/62791/9.12","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Successful exploitation of this vulnerability could lead to Denial of Service (DoS).","kb_internal_notes":[{"burt":"1300678","jira":"","product":"Active IQ Unified Manager for VMware vSphere"},{"burt":"1300671","jira":"","product":"Cloud Volumes ONTAP Mediator"},{"burt":"1300688","jira":"","product":"Element HealthTools"},{"burt":"1300672","jira":"","product":"MAX Data"},{"burt":"1300675","jira":"","product":"NetApp Cloud Backup (formerly AltaVault)"},{"burt":"1300673","jira":"","product":"NetApp Converged Systems Advisor Agent"},{"burt":"1300682","jira":"","product":"NetApp HCI Compute Node (Bootstrap OS)"},{"burt":"1300674","jira":"","product":"NetApp HCI Storage Nodes"},{"burt":"1300684","jira":"","product":"NetApp SolidFire & HCI Storage Node (Element Software)"},{"burt":"1300677","jira":"","product":"NetApp XCP NFS"},{"burt":"1300676","jira":"","product":"NetApp XCP SMB"},{"burt":"1300680","jira":"","product":"ONTAP Mediator"},{"burt":"1300681","jira":"","product":"ONTAP Select Deploy administration utility"},{"burt":"","jira":"ICI-6987","product":"OnCommand Insight"},{"burt":"1300685","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":["https://python-security.readthedocs.io/security.html#archives-and-zip-bomb"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20200221","version":"1.0"},{"comment":"ONTAP Mediator moved to Products Not Affected","date":"20200226","version":"2.0"},{"comment":"Cloud Volumes ONTAP Mediator moved to Products Not Affected","date":"20200307","version":"3.0"},{"comment":"NetApp XCP NFS and NetApp XCP SMB moved to Products Not Affected","date":"20200324","version":"4.0"},{"comment":"Element HealthTools moved to Products Not Affected","date":"20200409","version":"5.0"},{"comment":"NetApp Converged Systems Advisor Agent moved to Products Not Affected","date":"20200413","version":"6.0"},{"comment":"NetApp Cloud Backup (formerly AltaVault) moved to Products Not Affected","date":"20210519","version":"7.0"},{"comment":"Active IQ Unified Manager for VMware vSphere added to Software Versions and Fixes, Final status","date":"20230207","version":"8.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2019-9674":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},"kb_scoring_calc":[{"cve_id":"CVE-2019-9674","range":"MEDIUM","score":5.5,"vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate Python. Python versions through 3.7.2 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS).","kb_title":"CVE-2019-9674 Python Vulnerability in NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","AFF Baseboard Management Controller (BMC) - A700s","Active IQ Unified Manager for Linux","Active IQ Unified Manager for Microsoft Windows","Active IQ mobile app","Astra Trident","Brocade Fabric Operating System Firmware","Brocade SAN Navigator (SANnav)","Cloud Insights Storage Workload Security Agent","Cloud Insights Telegraf Agent","Cloud Volumes ONTAP Mediator","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Unified Manager and Web Services Proxy","Element HealthTools","Element Plug-in for vCenter Server","FAS/AFF BIOS - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - A320/C190/A220/FAS2720/FAS2750/A800/C800/A150","FAS/AFF Service Processor - 8080/8060/8040/8020","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","IOM6 SAS Disk Shelf Firmware","MAX Data","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp BlueXP","NetApp Cloud Backup (formerly AltaVault)","NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in)","NetApp Converged Systems Advisor Agent","NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S","NetApp HCI Baseboard Management Controller (BMC) - H410C","NetApp HCI Baseboard Management Controller (BMC) - H610C","NetApp HCI Baseboard Management Controller (BMC) - H610S","NetApp HCI Baseboard Management Controller (BMC) - H615C","NetApp HCI Compute Node (Bootstrap OS)","NetApp HCI Compute Node BIOS","NetApp HCI Storage Nodes","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp ONTAP PowerShell Toolkit (PSTK)","NetApp SolidFire & HCI Management Node","NetApp SolidFire & HCI Storage Node (Element Software)","NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO)","NetApp XCP NFS","NetApp XCP SMB","ONTAP 9 (formerly Clustered Data ONTAP)","ONTAP Antivirus Connector","ONTAP Mediator","ONTAP Select Deploy administration utility","OnCommand Insight","OnCommand Workflow Automation","Single Mailbox Recovery","Snap Creator Framework","SnapCenter","SnapCenter Plug-in for VMware vSphere","SnapManager for Hyper-V","SolidFire Storage Replication Adapter","StorageGRID (formerly StorageGRID Webscale)","StorageGRID Baseboard Management Controller (BMC)","System Manager 9.x"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20200221-0003","adv_id":"ntap-20200221-0003","published_date":"2020-02-21T00:00:00","updated_date":"2023-02-07T00:00:00","inserted_date":"2025-05-27T05:01:36.051000","modified_date":null}}