{"status":"success","advisory":{"_id":"6883702384dd65bd15e394ef","kb_acknowledgements":null,"kb_affected_list":["Active IQ Unified Manager for Linux","Active IQ Unified Manager for VMware vSphere","NetApp Service Level Manager","OnCommand Insight","SnapCenter","SnapCenter Plug-in for VMware vSphere"],"kb_bad_data":false,"kb_cve":["CVE-2019-10086"],"kb_exploitation":"Public","kb_fixes":[{"product":"SnapCenter Plug-in for VMware vSphere","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/scv/downloads-tab/download/63240/4.3","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"NetApp Service Level Manager","fixes":[{"link":"https://mysupport.netapp.com/site/products/mine/details/5d9f1100e01d9c0001ee4d45/0/download/62384/1.3/","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"OnCommand Insight","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/oncommand-insight/downloads-tab/download/60983/7.3.10/downloads","cves":[]}],"instructions":"","wontfix":false,"eos_link":null},{"product":"SnapCenter","fixes":[{"link":"https://mysupport.netapp.com/site/products/all/details/snapcenter/downloads-tab/download/62018/4.4P1","cves":[]},{"link":"https://mysupport.netapp.com/site/products/all/details/snapcenter/downloads-tab/download/62018/4.5","cves":[]}],"instructions":"","wontfix":false,"eos_link":null}],"kb_impact":"Successful exploitation of this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).","kb_internal_notes":[{"burt":"","jira":"CAIQUM-7520","product":"Active IQ Unified Manager for Linux"},{"burt":"","jira":"CAIQUM-7521","product":"Active IQ Unified Manager for Microsoft Windows"},{"burt":"","jira":"CAIQUM-7522","product":"Active IQ Unified Manager for VMware vSphere"},{"burt":"","jira":"ICI-16638","product":"Data Infrastructure Insights Storage Workload Security Agent (formerly Cloud Insights Storage Workload Security Agent)"},{"burt":"","jira":"PSIRT-19121","product":"Element Plug-in for vCenter Server"},{"burt":"","jira":"PSIRT-19124","product":"Management Services for Element Software and NetApp HCI"},{"burt":"","jira":"CMCCTB-108","product":"MetroCluster Tiebreaker"},{"burt":"","jira":"PSIRT-19125","product":"NetApp Console"},{"burt":"1264431","jira":"","product":"NetApp Data Availability Services "},{"burt":"","jira":"CNMSDK-129","product":"NetApp Manageability SDK"},{"burt":"1264433","jira":"","product":"NetApp Service Level Manager"},{"burt":"","jira":"CDEPLOY-3503","product":"ONTAP Select Deploy administration utility"},{"burt":"","jira":"PSIRT-19126","product":"ONTAP tools for VMware vSphere 10"},{"burt":"","jira":"COTVC-1913","product":"ONTAP tools for VMware vSphere 9"},{"burt":"","jira":"ICI-6531","product":"OnCommand Insight"},{"burt":"","jira":"CSCF-1441","product":"Snap Creator Framework"},{"burt":"1349886","jira":"","product":"SnapCenter"},{"burt":"1264432","jira":"","product":"SnapCenter Plug-in for VMware vSphere"},{"burt":"1314209","jira":"","product":"SolidFire Storage Replication Adapter"},{"burt":"1264434","jira":"","product":"StorageGRID (formerly StorageGRID Webscale)"}],"kb_investigating_list":[],"kb_num":"9010000","kb_ref":["http://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt"],"kb_rev_history":[{"comment":"Initial Public Release","date":"20250725","version":"1.0"},{"comment":"ONTAP Select Deploy administration utility moved to Products Not Affected","date":"20250725","version":"2.0"},{"comment":"Data Infrastructure Insights Storage Workload Security Agent (formerly Cloud Insights Storage Workload Security Agent) moved to Products Not Affected","date":"20250728","version":"3.0"},{"comment":"Management Services for Element Software and NetApp HCI moved to Products Not Affected","date":"20250730","version":"4.0"},{"comment":"NetApp BlueXP moved to Products Not Affected","date":"20250801","version":"5.0"},{"comment":"Snap Creator Framework moved to Products Not Affected","date":"20250804","version":"6.0"},{"comment":"ONTAP tools for VMware vSphere 9 moved to Products Not Affected","date":"20250819","version":"7.0"},{"comment":"Active IQ Unified Manager for Linux moved to Affected Products, Active IQ Unified Manager for Microsoft Windows and Active IQ Unified Manager for Microsoft Windows moved to Products Not Affected","date":"20250910","version":"8.0"},{"comment":"Active IQ Unified Manager for VMware vSphere moved to Affected Products","date":"20250915","version":"9.0"},{"comment":"MetroCluster Tiebreaker moved to Products Not Affected","date":"20251113","version":"10.0"},{"comment":"ONTAP tools for VMware vSphere 10 moved to Products Not Affected","date":"20260227","version":"11.0"},{"comment":"Corrected SnapCenter fix link","date":"20260331","version":"12.0"},{"comment":"SnapCenter is moved to Affected and Fixed","date":"20260401","version":"13.0"}],"kb_revised_list":[],"kb_scoring":{"CVE-2019-10086":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},"kb_scoring_calc":[{"cve_id":"CVE-2019-10086","range":"HIGH","score":7.3,"vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"kb_status":"Interim","kb_summary":"Multiple NetApp products incorporate Apache Commons Beanutils. Apache Commons Beanutils versions through 1.9.3 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).","kb_title":"CVE-2019-10086 Apache Commons Beanutils Vulnerability in NetApp Products","kb_unaffected_list":["AFF Baseboard Management Controller (BMC) - A700s","Active IQ Unified Manager for Microsoft Windows","Active IQ mobile app","Brocade Fabric Operating System Firmware","Data Infrastructure Insights Storage Workload Security Agent (formerly Cloud Insights Storage Workload Security Agent)","E-Series SANtricity OS Controller Software 11.x","E-Series SANtricity Unified Manager and Web Services Proxy","Element HealthTools","Element Plug-in for vCenter Server","FAS/AFF BIOS - 8300/8700/A400/C400","FAS/AFF Baseboard Management Controller (BMC) - C190/A150/A220/FAS2720/FAS2750","Management Services for Element Software and NetApp HCI","MetroCluster Tiebreaker","NetApp Console","NetApp Data Availability Services ","NetApp Manageability SDK","NetApp NFS Plug-in for VMware VAAI","NetApp ONTAP PowerShell Toolkit (PSTK)","NetApp SMI-S Provider","NetApp SolidFire & HCI Management Node","NetApp SolidFire & HCI Storage Node (Element Software)","NetApp SolidFire Plug-in for vRealize Orchestrator (SolidFire vRO)","ONTAP 9","ONTAP Antivirus Connector","ONTAP Select Deploy administration utility","ONTAP tools for VMware vSphere 10","ONTAP tools for VMware vSphere 9","SAN Host Utilities for Linux","SAN Host Utilities for Windows","Single Mailbox Recovery","Snap Creator Framework","SolidFire Storage Replication Adapter","StorageGRID (formerly StorageGRID Webscale)","StorageGRID Baseboard Management Controller (BMC) - SG6160/SGF6112/SG110/SG1100","System Manager 9.x","Trident"],"kb_workarounds":"None at this time.","ntap_advisory_id":"NTAP-20250725-0005","adv_id":"ntap-20250725-0005","published_date":"2025-07-25T00:00:00","updated_date":"2026-04-01T00:00:00","inserted_date":"2026-04-01T21:59:42.507000","modified_date":null}}