Vulnerabilities > CVE-2015-3292 - Code vulnerability in Netapp Oncommand Workflow Automation 2.2.1/3.0

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

netapp

CWE-17

exploit available

NVD

Published: 2015-05-31

Updated: 2016-12-03

Summary

The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Netapp Netapp Oncommand Workflow Automation 3.0 Netapp Oncommand Workflow Automation - Netapp Oncommand Workflow Automation 2.2.1	3

Common Weakness Enumeration (CWE)

CWE-17 - Code

Exploit-Db

description	Java Debug Wire Protocol Remote Code Execution. CVE-2015-3292. Remote exploits for multiple platform
id	EDB-ID:33789
last seen	2016-02-03
modified	2014-06-17
published	2014-06-17
reporter	metasploit
source	https://www.exploit-db.com/download/33789/
title	Java Debug Wire Protocol Remote Code Execution

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References