CVE-2015-3292
Summary
| CVE | CVE-2015-3292 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-05-31 17:59:04 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:L/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Netapp | Oncommand Workflow Automation | 3.0 | All | All | All |
| Application | Netapp | Oncommand Workflow Automation | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Page not found - NetApp Knowledgebase | af854a3a-2127-422b-91ae-364da2661108 | kb.netapp.com | Vendor Advisory |
| NetApp OnCommand Workflow Automation CVE-2015-3292 Remote Code Execution Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.