{"status":"success","advisory":{"_id":"683547395b16347a91c3a161","kb_acknowledgements":null,"kb_affected_list":["Active IQ Unified Manager for Linux","Active IQ Unified Manager for Microsoft Windows","Active IQ Unified Manager for VMware vSphere","SnapCenter"],"kb_bad_data":false,"kb_cve":["CVE-2020-13956"],"kb_exploitation":"Public","kb_fixes":[{"product":"SnapCenter","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/snapcenter/downloads-tab/download/62018/4.5","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Active IQ Unified Manager for Linux","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/activeiq-unified-manager/downloads-tab/download/62791/9.12","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Active IQ Unified Manager for Microsoft Windows","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/activeiq-unified-manager/downloads-tab/download/62791/9.12","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"Active IQ Unified Manager for VMware vSphere","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/activeiq-unified-manager/downloads-tab/download/62791/9.12","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Successful exploitation of this vulnerability could lead to disclosure of sensitive information or addition or modification of data.","kb_internal_notes":[{"burt":"1456233","jira":"","product":"Active IQ Unified Manager for Linux"},{"burt":"1456236","jira":"","product":"Active IQ Unified Manager for Microsoft Windows"},{"burt":"1456237","jira":"","product":"Active IQ Unified Manager for VMware vSphere"},{"burt":"","jira":"","product":"Active IQ mobile app"},{"burt":"1363227","jira":"","product":"Brocade Fabric Operating System Firmware"},{"burt":"","jira":"ICI-8089","product":"Cloud Insights Acquisition Unit"},{"burt":"","jira":"ICI-8090","product":"Cloud Insights Storage Workload Security Agent"},{"burt":"1363235","jira":"","product":"Element Plug-in for vCenter Server"},{"burt":"1363230","jira":"","product":"Management Services for Element Software and NetApp HCI"},{"burt":"1363232","jira":"","product":"NetApp BlueXP"},{"burt":"1363237","jira":"","product":"NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO)"},{"burt":"","jira":"ICI-8091","product":"OnCommand Insight"},{"burt":"1363233","jira":"","product":"SnapCenter"},{"burt":"1363231","jira":"","product":"SnapCenter Plug-in for VMware vSphere"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":[],"kb_rev_history":[{"comment":"Initial Public Release","date":"20220210","version":"1.0"},{"comment":"Active IQ Unified Manager for Linux, Active IQ Unified Manager for Microsoft Windows, and Active IQ Unified Manager for VMware vSphere moved to Affected Products","date":"20220425","version":"2.0"},{"comment":"Active IQ Unified Manager for VMware vSphere, Active IQ Unified Manager for Microsoft Windows and Active IQ Unified Manager for Linux added to Software Versions and Fixes, Final status","date":"20230207","version":"3.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2020-13956":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},"kb_scoring_calc":[{"cve_id":"CVE-2020-13956","range":"MEDIUM","score":6.5,"vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"kb_status":"Final","kb_summary":"Multiple NetApp products incorporate Apache HttpClient. Apache HttpClient versions 4.5.x through 4.5.12 and 5.0.x through 5.0.2 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information or addition or modification of data.","kb_title":"CVE-2020-13956 Apache HttpClient Vulnerability in NetApp Products","kb_unaffected_list":["7-Mode Transition Tool","AFF Baseboard Management Controller (BMC) - A700s","Active IQ mobile app","Astra Trident","Brocade Fabric Operating System Firmware","Brocade SAN Navigator (SANnav)","Cloud Insights Acquisition Unit","Cloud Insights Storage Workload Security Agent","Cloud Insights Telegraf Agent","Cloud Volumes ONTAP Mediator","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Storage Manager","E-Series SANtricity Unified Manager and Web Services Proxy","Element .NET SDK","Element HealthTools","Element JAVA SDK","Element Plug-in for vCenter Server","Element Python SDK","FAS/AFF BIOS - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - A250/500f/C250","FAS/AFF Baseboard Management Controller (BMC) - A320/C190/A220/FAS2720/FAS2750/A800/C800/A150","FAS/AFF Service Processor - 8080/8060/8040/8020","Global File Cache","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","IOM6 SAS Disk Shelf Firmware","Inventory Collect Tool","Management Services for Element Software and NetApp HCI","MetroCluster Tiebreaker for clustered Data ONTAP","NetApp BlueXP","NetApp Cloud Backup OST Plug-in (formerly AltaVault OST Plug-in)","NetApp Converged Systems Advisor Agent","NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S","NetApp HCI Baseboard Management Controller (BMC) - H410C","NetApp HCI Baseboard Management Controller (BMC) - H610C","NetApp HCI Baseboard Management Controller (BMC) - H610S","NetApp HCI Baseboard Management Controller (BMC) - H615C","NetApp HCI Compute Node (Bootstrap OS)","NetApp HCI Compute Node BIOS","NetApp HCI Storage Node BIOS","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp ONTAP PowerShell Toolkit (PSTK)","NetApp SMI-S Provider","NetApp SolidFire & HCI Management Node","NetApp SolidFire & HCI Storage Node (Element Software)","NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO)","NetApp Virtual Desktop Service (VDS)","NetApp XCP NFS","NetApp XCP SMB","ONTAP 9 (formerly Clustered Data ONTAP)","ONTAP Antivirus Connector","ONTAP Mediator","ONTAP Select Deploy administration utility","OnCommand Insight","SRA Plugin for Linux","SRA Plugin for Windows","Single Mailbox Recovery","Snap Creator Framework","SnapCenter Plug-in for VMware vSphere","SnapManager for Hyper-V","SolidFire Storage Replication Adapter","StorageGRID (formerly StorageGRID Webscale)","StorageGRID Baseboard Management Controller (BMC)","System Manager 9.x","fOnCommand Workflow Automation"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20220210-0002","adv_id":"ntap-20220210-0002","published_date":"2022-02-10T00:00:00","updated_date":"2023-02-07T00:00:00","inserted_date":"2025-05-27T05:01:45.832000","modified_date":null}}