Vulnerabilities > CVE-2022-23235 - Unspecified vulnerability in Netapp Active IQ Unified Manager

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

netapp

NVD

Published: 2022-08-25

Updated: 2023-08-08

Summary

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled.

Vulnerable Configurations

Part	Description	Count
Application	Netapp Netapp Active IQ Unified Manager 9.10 Netapp Active IQ Unified Manager - Netapp Active IQ Unified Manager 9.5 Netapp Active IQ Unified Manager 9.6 Netapp Active IQ Unified Manager 7.3	13

References

https://security.netapp.com/advisory/ntap-20220324-0001/