{"status":"success","advisory":{"_id":"683547355b16347a91c3a07c","kb_acknowledgements":null,"kb_affected_list":["Management Services for Element Software and NetApp HCI"],"kb_bad_data":false,"kb_cve":["CVE-2021-41079"],"kb_exploitation":"Public","kb_fixes":[{"product":"Management Services for Element Software and NetApp HCI","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/mgmtservices/downloads-tab/download/63086/2.19.48/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Successful exploitation of this vulnerability could lead to Denial of Service (DoS).","kb_internal_notes":[{"burt":"1434660","jira":"","product":"7-Mode Transition Tool"},{"burt":"","jira":"ICI-9461","product":"Cloud Insights Storage Workload Security Agent"},{"burt":"1434661","jira":"","product":"Element Plug-in for vCenter Server"},{"burt":"1434662","jira":"","product":"Management Services for Element Software and NetApp HCI"},{"burt":"1432366","jira":"","product":"SnapCenter Plug-in for VMware vSphere/BlueXP backup and Recovery for Virtual Machine"},{"burt":"1432368","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"},{"burt":"1432367","jira":"","product":"StorageGRID9 (9.x and prior)"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":["https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20211008","version":"1.0"},{"comment":"SnapCenter Plug-in for VMware vSphere moved to Products Not Affected","date":"20211014","version":"2.0"},{"comment":"Element Plug-in for vCenter Server moved to Products Not Affected, and Management Services for Element Software and NetApp HCI added to Software Versions and Fixes","date":"20211022","version":"3.0"},{"comment":"7-Mode Transition Tool moved to Products Not Affected, Final status","date":"20220105","version":"4.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2021-41079":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},"kb_scoring_calc":[{"cve_id":"CVE-2021-41079","range":"HIGH","score":7.5,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate Apache Tomcat. Apache Tomcat versions 8.5.0 prior to 8.5.64, 9.0.0-M1 prior to 9.0.44 and 10.0.0-M1 through 10.0.2 are susceptible to a vulnerability which when successfully exploited could lead to Denial of Service (DoS).","kb_title":"CVE-2021-41079 Apache Tomcat Vulnerability in NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","AFF Baseboard Management Controller (BMC) - A700s","ATTO FibreBridge - 7500N","ATTO FibreBridge - 7600N","Active IQ Unified Manager for Linux","Active IQ Unified Manager for Microsoft Windows","Active IQ Unified Manager for VMware vSphere","Active IQ mobile app","Astra Control Center","Astra Control Center - NetApp Kubernetes Monitoring Operator","Astra Trident","BlueXP Classification","Brocade Fabric Operating System Firmware","Brocade SAN Navigator (SANnav)","Cloud Insights Acquisition Unit","Cloud Insights Storage Workload Security Agent","Cloud Insights Telegraf Agent","Cloud Volumes ONTAP Mediator","E-Series BIOS","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Unified Manager and Web Services Proxy","Element .NET SDK","Element HealthTools","Element JAVA SDK","Element Plug-in for vCenter Server","Element Powershell Tools","Element Python SDK","FAS/AFF BIOS - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - A250/500f/C250","FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750","Global File Cache","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","IOM6 SAS Disk Shelf Firmware","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp BlueXP","NetApp Converged Systems Advisor Agent","NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S","NetApp HCI Baseboard Management Controller (BMC) - H410C","NetApp HCI Baseboard Management Controller (BMC) - H610C","NetApp HCI Baseboard Management Controller (BMC) - H610S","NetApp HCI Baseboard Management Controller (BMC) - H615C","NetApp HCI Compute Node (Bootstrap OS)","NetApp HCI Compute Node BIOS","NetApp HCI Storage Node BIOS","NetApp Kubernetes Monitoring Operator","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp ONTAP PowerShell Toolkit (PSTK)","NetApp SolidFire & HCI Management Node","NetApp SolidFire & HCI Storage Node (Element Software)","NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO)","NetApp XCP NFS","NetApp XCP SMB","ONTAP 9 (formerly Clustered Data ONTAP)","ONTAP Antivirus Connector","ONTAP Mediator","ONTAP Select Deploy administration utility","OnCommand Insight","OnCommand Workflow Automation","SANtricity Storage Plugin for vCenter","SRA Plugin for Linux","SRA Plugin for Windows","Single Mailbox Recovery","Snap Creator Framework","SnapCenter","SnapCenter Plug-in for VMware vSphere/BlueXP backup and Recovery for Virtual Machine","SnapManager for Hyper-V","SolidFire Storage Replication Adapter","StorageGRID (formerly StorageGRID Webscale)","StorageGRID BIOS SG1000/SG100/SG1100/SG110","StorageGRID BIOS SG5660/SG5612/SG5760/SG5712","StorageGRID BIOS SG6060/SGF6024/SGF6112/SG6160","StorageGRID Baseboard Management Controller (BMC) - SG6060/SG6160/SGF6024/SGF6112/SG100/SG110/SG1000/SG1100","StorageGRID9 (9.x and prior)","System Manager 9.x"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20211008-0005","adv_id":"ntap-20211008-0005","published_date":"2021-10-08T00:00:00","updated_date":"2022-01-05T00:00:00","inserted_date":"2025-05-27T05:01:41.685000","modified_date":null}}