{"status":"success","advisory":{"_id":"6835473d5b16347a91c3a241","kb_acknowledgements":null,"kb_affected_list":["Active IQ Unified Manager for Microsoft Windows","Active IQ Unified Manager for VMware vSphere","ONTAP Select Deploy administration utility","SnapCenter"],"kb_bad_data":false,"kb_cve":["CVE-2015-20107"],"kb_exploitation":"Public","kb_fixes":[{"product":"Active IQ Unified Manager for Microsoft Windows","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/activeiq-unified-manager/downloads-tab/download/62791/9.11P1","cves":[]},{"link":"https://mysupport.netapp.com/site/products/all/details/activeiq-unified-manager/downloads-tab/download/62791/9.12","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"ONTAP Select Deploy administration utility","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/ontapselect-deploy/downloads-tab/download/62910/9.14.1","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapCenter","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/snapcenter/downloads-tab/download/62018/4.5","cves":[]},{"link":"https://mysupport.netapp.com/site/products/all/details/snapcenter/downloads-tab/download/62018/4.6","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Successful exploitation of this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).","kb_internal_notes":[{"burt":"1476054","jira":"","product":"Active IQ Unified Manager for Linux"},{"burt":"1476056","jira":"","product":"Active IQ Unified Manager for Microsoft Windows"},{"burt":"1476055","jira":"CAIQUM-3754","product":"Active IQ Unified Manager for VMware vSphere"},{"burt":"1476046","jira":"","product":"Cloud Volumes ONTAP Mediator"},{"burt":"1476044","jira":"","product":"FAS/AFF Baseboard Management Controller (BMC) - A900/9500"},{"burt":"1476047","jira":"","product":"Inventory Collect Tool"},{"burt":"1476048","jira":"","product":"Management Services for Element Software and NetApp HCI"},{"burt":"1476049","jira":"","product":"NetApp Converged Systems Advisor Agent"},{"burt":"1476050","jira":"","product":"NetApp E-Series Performance Analyzer"},{"burt":"1476061","jira":"","product":"NetApp HCI Compute Node (Bootstrap OS)"},{"burt":"1476062","jira":"","product":"NetApp SolidFire & HCI Storage Node (Element Software)"},{"burt":"1476053","jira":"","product":"NetApp XCP NFS"},{"burt":"1476052","jira":"","product":"NetApp XCP SMB"},{"burt":"1524221","jira":"","product":"ONTAP 9 (formerly Clustered Data ONTAP)"},{"burt":"1476058","jira":"","product":"ONTAP Mediator"},{"burt":"1476059","jira":"","product":"ONTAP Select Deploy administration utility"},{"burt":"1476060","jira":"","product":"SnapCenter"},{"burt":"1476064","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":["https://bugs.python.org/issue24778"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20220616","version":"1.0"},{"comment":"ONTAP Select Deploy administration utility moved to Affected Products","date":"20220701","version":"2.0"},{"comment":"Active IQ Unified Manager for Microsoft Windows added to Software Versions and Fixes and Workarounds","date":"20220919","version":"3.0"},{"comment":"Active IQ Unified Manager for Microsoft Windows added to Software Versions and Fixes","date":"20220926","version":"4.0"},{"comment":"ONTAP 9 (formerly Clustered Data ONTAP) moved to Products Not Affected","date":"20230117","version":"5.0"},{"comment":"Active IQ Unified Manager for Microsoft Windows added to Software Versions and Fixes","date":"20230207","version":"6.0"},{"comment":"ONTAP Select Deploy administration utility moved to Affected Products","date":"20230516","version":"7.0"},{"comment":"ONTAP Select Deploy administration utility added to Software Versions and Fixes","date":"20240307","version":"8.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2015-20107":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"},"kb_scoring_calc":[{"cve_id":"CVE-2015-20107","range":"HIGH","score":7.6,"vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L"}],"kb_status":"Interim","kb_summary":"Multiple NetApp products incorporate Python. Python (aka CPython) versions through 3.10.4 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).","kb_title":"CVE-2015-20107 Python Vulnerability in NetApp Products","kb_unaffected_list":["AFF Baseboard Management Controller (BMC) - A700s","ATTO FibreBridge - 7500N","ATTO FibreBridge - 7600N","Active IQ Unified Manager for Linux","Active IQ mobile app","Astra Control Center","Astra Control Center - Cloud Insights Telegraf Agent","Astra Control Center - NetApp Kubernetes Monitoring Operator","Astra Trident","Astra Trident Autosupport","BlueXP Classification","Brocade Fabric Operating System Firmware","Brocade SAN Navigator (SANnav)","Cloud Insights Acquisition Unit","Cloud Insights Storage Workload Security Agent","Cloud Insights Telegraf Agent","Cloud Volumes ONTAP Mediator","E-Series BIOS","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Unified Manager and Web Services Proxy","Element .NET SDK","Element HealthTools","Element JAVA SDK","Element Plug-in for vCenter Server","Element Powershell Tools","Element Python SDK","FAS/AFF BIOS - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - A250/500f/C250","FAS/AFF Baseboard Management Controller (BMC) - A900/9500","FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750","Global File Cache","Host Utilities - SAN for Linux","Host Utilities - SAN for Windows","IOM6 SAS Disk Shelf Firmware","Inventory Collect Tool","Management Services for Element Software and NetApp HCI","MetroCluster Tiebreaker for clustered Data ONTAP","Multipath I/O (SANtricity DSM for Windows MPIO)","NetApp BlueXP","NetApp Converged Systems Advisor Agent","NetApp E-Series Host Collection","NetApp E-Series Performance Analyzer","NetApp E-Series SANtricity Collection","NetApp HCI Baseboard Management Controller (BMC) - H300S/H500S/H700S/H410S","NetApp HCI Baseboard Management Controller (BMC) - H410C","NetApp HCI Baseboard Management Controller (BMC) - H610C","NetApp HCI Baseboard Management Controller (BMC) - H610S","NetApp HCI Baseboard Management Controller (BMC) - H615C","NetApp HCI Compute Node (Bootstrap OS)","NetApp HCI Compute Node BIOS","NetApp HCI Storage Node BIOS","NetApp Kubernetes Monitoring Operator","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp ONTAP PowerShell Toolkit (PSTK)","NetApp SolidFire & HCI Management Node","NetApp SolidFire & HCI Storage Node (Element Software)","NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO)","NetApp XCP NFS","NetApp XCP SMB","ONTAP 9 (formerly Clustered Data ONTAP)","ONTAP Antivirus Connector","ONTAP Mediator","ONTAP tools for VMware vSphere 9","OnCommand Insight","OnCommand Workflow Automation","SANtricity Storage Plugin for vCenter","SRA Plugin for Linux","SRA Plugin for Windows","Single Mailbox Recovery","Snap Creator Framework","SnapCenter Plug-in for VMware vSphere/BlueXP backup and Recovery for Virtual Machine","SnapManager for Hyper-V","SolidFire Storage Replication Adapter","StorageGRID (formerly StorageGRID Webscale)","StorageGRID BIOS SG1000/SG100","StorageGRID BIOS SG5660/SG5612/SG5760/SG5712","StorageGRID BIOS SG6060/SGF6024/SGF6112","StorageGRID Baseboard Management Controller (BMC)","System Manager 9.x"],"kb_workarounds":"Active IQ Unified Manager for Microsoft Windows: <br>\r\nPython is installed for convenience and may be upgraded as needed.\r\n","ntap_advisory_id":"NTAP-20220616-0001","adv_id":"ntap-20220616-0001","published_date":"2022-06-16T00:00:00","updated_date":"2024-03-07T00:00:00","inserted_date":"2025-05-27T05:01:49.892000","modified_date":null}}