{"status":"success","advisory":{"_id":"683547305b16347a91c39fb3","kb_acknowledgements":null,"kb_affected_list":["Brocade Fabric Operating System Firmware","OnCommand Unified Manager Core Package"],"kb_bad_data":false,"kb_cve":["CVE-2020-1927","CVE-2020-1934"],"kb_exploitation":"Public","kb_fixes":[{"product":"Brocade Fabric Operating System Firmware","fixes":[],"instructions":"Fixed in FOS 9.2.0.","wontfix":false,"eos_link":null},{"product":"OnCommand Unified Manager Core Package","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/oncommand-umcore/downloads-tab/download/60317/5.2.5P1","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Successful exploitation of these vulnerabilities could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).","kb_internal_notes":[{"burt":"1311475","jira":"","product":"Brocade Fabric Operating System Firmware"},{"burt":"1311477","jira":"","product":"NetApp Cloud Backup (formerly AltaVault)"},{"burt":"1311476","jira":"","product":"ONTAP 9 (formerly Clustered Data ONTAP)"},{"burt":"1311480","jira":"","product":"OnCommand Unified Manager Core Package"},{"burt":"1311483","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":["https://httpd.apache.org/security/vulnerabilities_24.html"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20200413","version":"1.0"},{"comment":"Clustered Data ONTAP moved to Products Not Affected","date":"20200415","version":"2.0"},{"comment":"Brocade Fabric Operating System Firmware moved to Affected Products","date":"20200709","version":"3.0"},{"comment":"OnCommand Unified Manager for 7-Mode (core package) moved to Affected Products","date":"20200714","version":"4.0"},{"comment":"OnCommand Unified Manager Core Package added to Software Versions and Fixes","date":"20210209","version":"5.0"},{"comment":"NetApp Cloud Backup (formerly AltaVault) moved to Products Not Affected","date":"20210519","version":"6.0"},{"comment":"Brocade Fabric Operating System Firmware added to Software Versions and Fixes, Final status","date":"20240425","version":"7.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2020-1927":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","CVE-2020-1934":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"kb_scoring_calc":[{"cve_id":"CVE-2020-1927","range":"MEDIUM","score":6.1,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"cve_id":"CVE-2020-1934","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate Apache httpd libraries. Apache httpd versions 2.4.0 through 2.4.41 are susceptible to vulnerabilities which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).","kb_title":"April 2020 Apache HTTP Server Vulnerabilities in NetApp Products","kb_unaffected_list":["AFF Baseboard Management Controller (BMC) - A700s","Active IQ Unified Manager for Linux","Active IQ Unified Manager for Microsoft Windows","Active IQ Unified Manager for VMware vSphere","Active IQ mobile app","Astra Trident","Brocade SAN Navigator (SANnav)","Cloud Insights Storage Workload Security Agent","Cloud Insights Telegraf Agent","Cloud Volumes ONTAP Mediator","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Unified Manager and Web Services Proxy","Element HealthTools","Element Plug-in for vCenter Server","FAS/AFF BIOS - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","IOM6 SAS Disk Shelf Firmware","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp BlueXP","NetApp Cloud Backup (formerly AltaVault)","NetApp Converged Systems Advisor Agent","NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S","NetApp HCI Baseboard Management Controller (BMC) - H410C","NetApp HCI Baseboard Management Controller (BMC) - H610C","NetApp HCI Baseboard Management Controller (BMC) - H610S","NetApp HCI Baseboard Management Controller (BMC) - H615C","NetApp HCI Compute Node (Bootstrap OS)","NetApp HCI Compute Node BIOS","NetApp HCI Storage Node BIOS","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp ONTAP PowerShell Toolkit (PSTK)","NetApp SolidFire & HCI Management Node","NetApp SolidFire & HCI Storage Node (Element Software)","NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO)","NetApp XCP NFS","NetApp XCP SMB","ONTAP 9 (formerly Clustered Data ONTAP)","ONTAP Antivirus Connector","ONTAP Mediator","ONTAP Select Deploy administration utility","OnCommand Insight","OnCommand Workflow Automation","SRA Plugin for Linux","SRA Plugin for Windows","Single Mailbox Recovery","Snap Creator Framework","SnapCenter","SnapCenter Plug-in for VMware vSphere/BlueXP backup and Recovery for Virtual Machine","SnapManager for Hyper-V","SolidFire Storage Replication Adapter","StorageGRID (formerly StorageGRID Webscale)","StorageGRID Baseboard Management Controller (BMC)","System Manager 9.x"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20200413-0002","adv_id":"ntap-20200413-0002","published_date":"2020-04-13T00:00:00","updated_date":"2024-04-25T00:00:00","inserted_date":"2025-05-27T05:01:36.752000","modified_date":null}}