{"status":"success","advisory":{"_id":"6835472d5b16347a91c39f24","kb_acknowledgements":null,"kb_affected_list":["NetApp Cloud Backup (formerly AltaVault)","OnCommand Workflow Automation","Snap Creator Framework"],"kb_bad_data":false,"kb_cve":["CVE-2020-10878","CVE-2020-12723","CVE-2020-10543"],"kb_exploitation":"Public","kb_fixes":[{"product":"OnCommand Workflow Automation","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/ocwfa/downloads-tab/download/61550/5.1.1P4","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Snap Creator Framework","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/snapcreator/downloads-tab/download/61011/4.3.3P5","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp Cloud Backup (formerly AltaVault)","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2880179.html"}],"kb_impact":"Successful exploitation of these vulnerabilities could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).","kb_internal_notes":[{"burt":"1326860","jira":"","product":"Cloud Volumes ONTAP Mediator"},{"burt":"1326861","jira":"","product":"E-Series SANtricity OS Controller Software 11.x"},{"burt":"1326865","jira":"","product":"NetApp Cloud Backup (formerly AltaVault)"},{"burt":"1326863","jira":"","product":"NetApp Converged Systems Advisor Agent"},{"burt":"1326873","jira":"","product":"NetApp HCI Compute Node (Bootstrap OS)"},{"burt":"1326864","jira":"","product":"NetApp SolidFire & HCI Management Node"},{"burt":"1326874","jira":"","product":"NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software)"},{"burt":"1326866","jira":"","product":"NetApp VASA Provider for Clustered Data ONTAP 9.7 and above"},{"burt":"1326869","jira":"","product":"ONTAP Select Deploy administration utility"},{"burt":"","jira":"ICI-7847","product":"OnCommand Insight"},{"burt":"1326867","jira":"","product":"OnCommand Workflow Automation"},{"burt":"1326875","jira":"","product":"SRA Plugin for Linux"},{"burt":"1326871","jira":"","product":"Snap Creator Framework"},{"burt":"1326870","jira":"","product":"SnapCenter"},{"burt":"1326872","jira":"","product":"SnapDrive for Unix"},{"burt":"1326862","jira":"","product":"Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere 9.7 and above"},{"burt":"1326877","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":[],"kb_rev_history":[{"comment":"Initial Public Release","date":"20200611","version":"1.0"},{"comment":"E-Series SANtricity OS Controller Software 11.x, NetApp HCI Compute Node (Bootstrap OS), NetApp SolidFire & HCI Management Node, NetApp SolidFire & HCI Storage Node (Element Software), NetApp VASA Provider for Clustered Data ONTAP 7.2 and above, SnapDrive for Unix, and Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere 7.2 moved to Products Not Affected","date":"20200616","version":"2.0"},{"comment":"OnCommand Workflow Automation moved to Affected Products","date":"20200624","version":"3.0"},{"comment":"NetApp Converged Systems Advisor Agent moved to Products Not Affected","date":"20200717","version":"4.0"},{"comment":"ONTAP Select Deploy administration utility moved to Products Not Affected","date":"20200720","version":"5.0"},{"comment":"SRA Plugin for Linux moved to Products Not Affected","date":"20200814","version":"6.0"},{"comment":"Snap Creator Framework moved to Affected Products","date":"20200917","version":"7.0"},{"comment":"OnCommand Insight moved to Products Not Affected","date":"20200922","version":"8.0"},{"comment":"Snap Creator Framework added to Software Versions and Fixes","date":"20210508","version":"9.0"},{"comment":"NetApp Cloud Backup (formerly AltaVault) moved to Won't Fix status","date":"20220106","version":"10.0"},{"comment":"OnCommand Workflow Automation added to Software Versions and Fixes, Final status","date":"20220829","version":"11.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2020-10543":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2020-10878":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","CVE-2020-12723":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"kb_scoring_calc":[{"cve_id":"CVE-2020-10543","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2020-10878","range":"CRITICAL","score":9.8,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"cve_id":"CVE-2020-12723","range":"HIGH","score":7.5,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate Perl. Perl versions prior to 5.30.3 are susceptible to vulnerabilities which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).","kb_title":"June 2020 Perl Vulnerabilities in NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","AFF Baseboard Management Controller (BMC) - A700s","ATTO FibreBridge - 6500N","Active IQ Unified Manager for Linux","Active IQ Unified Manager for Microsoft Windows","Active IQ Unified Manager for VMware vSphere","Active IQ mobile app","Astra Trident","Brocade Fabric Operating System Firmware","Brocade SAN Navigator (SANnav)","Cloud Insights Acquisition Unit","Cloud Insights Telegraf Agent","Cloud Manager","Cloud Secure Agent","Cloud Volumes ONTAP Mediator","Clustered Data ONTAP","Clustered Data ONTAP Antivirus Connector","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Storage Manager","E-Series SANtricity Unified Manager and Web Services Proxy","Element .NET SDK","Element HealthTools","Element JAVA SDK","Element Plug-in for vCenter Server","Element Python SDK","FAS/AFF BIOS","FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400","FAS/AFF Baseboard Management Controller (BMC) - A320/C190/A220/FAS2720/FAS2750/A800","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","Inventory Collect Tool","Management Services for Element Software and NetApp HCI","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in)","NetApp Converged Systems Advisor Agent","NetApp E-Series Performance Analyzer","NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S","NetApp HCI Baseboard Management Controller (BMC) - H410C","NetApp HCI Baseboard Management Controller (BMC) - H610C","NetApp HCI Baseboard Management Controller (BMC) - H610S","NetApp HCI Baseboard Management Controller (BMC) - H615C","NetApp HCI Compute Node (Bootstrap OS)","NetApp HCI Compute Node BIOS","NetApp HCI Storage Node BIOS","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp SANtricity SMI-S Provider","NetApp SMI-S Provider","NetApp SolidFire & HCI Management Node","NetApp SolidFire BIOS","NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO)","NetApp SolidFire, Enterprise SDS & HCI Storage Node (Element Software)","NetApp VASA Provider for Clustered Data ONTAP 9.7 and above","NetApp XCP NFS","NetApp XCP SMB","ONTAP Mediator","ONTAP Select Deploy administration utility","OnCommand Insight","Open Systems SnapVault Agent","SAS Firmware","SRA Plugin for Linux","SRA Plugin for Windows","Service Processor","Single Mailbox Recovery","SnapCenter","SnapCenter Plug-in for VMware vSphere","SnapDrive for Unix","SnapManager for Hyper-V","SnapManager for Oracle","SnapManager for SAP","SolidFire Storage Replication Adapter","Storage Replication Adapter for Clustered Data ONTAP for VMware vSphere 9.7 and above","Storage Services Connector","StorageGRID (formerly StorageGRID Webscale)","StorageGRID Baseboard Management Controller (BMC)","System Manager 9.x"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20200611-0001","adv_id":"ntap-20200611-0001","published_date":"2020-06-11T00:00:00","updated_date":"2022-08-29T00:00:00","inserted_date":"2025-05-27T05:01:33.394000","modified_date":null}}