{"status":"success","advisory":{"_id":"683547285b16347a91c39e4d","kb_acknowledgements":null,"kb_affected_list":["Active IQ Unified Manager for Linux","Active IQ Unified Manager for Microsoft Windows","Active IQ Unified Manager for VMware vSphere","NetApp Service Level Manager","OnCommand API Services","OnCommand Workflow Automation","Snap Creator Framework"],"kb_bad_data":false,"kb_cve":["CVE-2020-25649"],"kb_exploitation":"Public","kb_fixes":[{"product":"Active IQ Unified Manager for Linux","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/activeiq-unified-manager/downloads-tab/download/62791/9.7","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Active IQ Unified Manager for VMware vSphere","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/activeiq-unified-manager/downloads-tab/download/62791/9.7","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Active IQ Unified Manager for Microsoft Windows","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/activeiq-unified-manager/downloads-tab/download/62791/9.7","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp Service Level Manager","fixes":[],"instructions":null,"wontfix":true,"eos_link":"https://mysupport.netapp.com/info/communications/ECMLP2861371.html"},{"product":"OnCommand API Services","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/oncommand-api/downloads-tab/download/62040/2.2P2","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Workflow Automation","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/ocwfa/downloads-tab/download/61550/5.1.1P2","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Snap Creator Framework","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/snapcreator/downloads-tab/download/61011/4.3.3P5","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Successful exploitation of this vulnerability could lead to addition or modification of data.","kb_internal_notes":[{"burt":"1368189","jira":"","product":"7-Mode Transition Tool"},{"burt":"1368208","jira":"","product":"Active IQ Unified Manager for Linux"},{"burt":"1368210","jira":"","product":"Active IQ Unified Manager for Microsoft Windows"},{"burt":"1368209","jira":"","product":"Active IQ Unified Manager for VMware vSphere"},{"burt":"1368191","jira":"","product":"Brocade SAN Navigator (SANnav)"},{"burt":"","jira":"ICI-8212","product":"Cloud Insights Acquisition Unit"},{"burt":"","jira":"ICI-8213","product":"Cloud Insights Storage Workload Security Agent"},{"burt":"1368200","jira":"","product":"E-Series SANtricity OS Controller Software 11.x"},{"burt":"1368196","jira":"","product":"E-Series SANtricity Unified Manager and Web Services Proxy"},{"burt":"1368217","jira":"","product":"Element Plug-in for vCenter Server"},{"burt":"1368202","jira":"","product":"Management Services for Element Software and NetApp HCI"},{"burt":"1368206","jira":"","product":"NetApp BlueXP"},{"burt":"1368204","jira":"","product":"NetApp E-Series Performance Analyzer"},{"burt":"1368199","jira":"","product":"NetApp SANtricity Cloud Connector"},{"burt":"1368214","jira":"","product":"NetApp Service Level Manager"},{"burt":"1368218","jira":"","product":"NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO)"},{"burt":"1368205","jira":"","product":"OnCommand API Services"},{"burt":"","jira":"ICI-8214","product":"OnCommand Insight"},{"burt":"1368207","jira":"","product":"OnCommand Unified Manager Core Package"},{"burt":"1368212","jira":"","product":"OnCommand Workflow Automation"},{"burt":"1383741","jira":"","product":"Snap Creator Framework"},{"burt":"1368216","jira":"","product":"SnapCenter"},{"burt":"1368203","jira":"","product":"SnapCenter Plug-in for VMware vSphere/BlueXP backup and Recovery for Virtual Machine"},{"burt":"1368220","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":[],"kb_rev_history":[{"comment":"Initial Public Release","date":"20210108","version":"1.0"},{"comment":"NetApp Service Level Manager moved to Won't Fix status","date":"20210201","version":"2.0"},{"comment":"NetApp E-Series Performance Analyzer moved to Products Not Affected","date":"20210208","version":"3.0"},{"comment":"Brocade SAN Navigator (SANnav) moved to Products Not Affected","date":"20210303","version":"4.0"},{"comment":"Active IQ Unified Manager for Linux, Active IQ Unified Manager for Microsoft Windows, and Active IQ Unified Manager for VMware vSphere added to Software Versions and Fixes","date":"20210325","version":"5.0"},{"comment":"OnCommand API Services added to Software Versions and Fixes","date":"20210421","version":"6.0"},{"comment":"Cloud Manager moved to Affected Products","date":"20210428","version":"7.0"},{"comment":"Snap Creator Framework added to Software Versions and Fixes","date":"20210508","version":"8.0"},{"comment":"NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO) moved to Products Not Affected","date":"20210713","version":"9.0"},{"comment":"After additional review Cloud Manager moved from Affected Products to Products Not Affected","date":"20210816","version":"10.0"},{"comment":"OnCommand Workflow Automation added to Software Versions and Fixes, Final status","date":"20210824","version":"11.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2020-25649":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},"kb_scoring_calc":[{"cve_id":"CVE-2020-25649","range":"HIGH","score":7.5,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate FasterXML Jackson Databind. FasterXML Jackson Databind versions prior to 2.6.7.4, 2.9.0 prior to 2.9.10.7, and 2.10.0 prior to 2.10.5.1 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data.","kb_title":"CVE-2020-25649 FasterXML Jackson Databind Vulnerability in NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","AFF Baseboard Management Controller (BMC) - A700s","ATTO FibreBridge - 7500N","ATTO FibreBridge - 7600N","Active IQ mobile app","Astra Trident","Brocade Fabric Operating System Firmware","Brocade SAN Navigator (SANnav)","Cloud Insights Acquisition Unit","Cloud Insights Storage Workload Security Agent","Cloud Insights Telegraf Agent","Cloud Volumes ONTAP Mediator","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Unified Manager and Web Services Proxy","Element .NET SDK","Element HealthTools","Element JAVA SDK","Element Plug-in for vCenter Server","Element Python SDK","FAS/AFF BIOS - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - A250/500f/C250","FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750","Global File Cache","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","IOM6 SAS Disk Shelf Firmware","Management Services for Element Software and NetApp HCI","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp BlueXP","NetApp Converged Systems Advisor Agent","NetApp E-Series Performance Analyzer","NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S","NetApp HCI Baseboard Management Controller (BMC) - H410C","NetApp HCI Baseboard Management Controller (BMC) - H610C","NetApp HCI Baseboard Management Controller (BMC) - H610S","NetApp HCI Baseboard Management Controller (BMC) - H615C","NetApp HCI Compute Node (Bootstrap OS)","NetApp HCI Compute Node BIOS","NetApp HCI Storage Node BIOS","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp ONTAP PowerShell Toolkit (PSTK)","NetApp SANtricity Cloud Connector","NetApp SolidFire & HCI Management Node","NetApp SolidFire & HCI Storage Node (Element Software)","NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO)","NetApp XCP NFS","NetApp XCP SMB","ONTAP 9 (formerly Clustered Data ONTAP)","ONTAP Antivirus Connector","ONTAP Mediator","ONTAP Select Deploy administration utility","OnCommand Insight","OnCommand Unified Manager Core Package","SRA Plugin for Linux","SRA Plugin for Windows","Single Mailbox Recovery","SnapCenter","SnapCenter Plug-in for VMware vSphere/BlueXP backup and Recovery for Virtual Machine","SnapManager for Hyper-V","SolidFire Storage Replication Adapter","StorageGRID (formerly StorageGRID Webscale)","StorageGRID Baseboard Management Controller (BMC) - SG6060/SG6160/SGF6024/SGF6112/SG100/SG110/SG1000/SG1100","System Manager 9.x"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20210108-0007","adv_id":"ntap-20210108-0007","published_date":"2021-01-08T00:00:00","updated_date":"2021-08-24T00:00:00","inserted_date":"2025-05-27T05:01:28.115000","modified_date":null}}