Security Advisory: CVE-2022-33980 Apache Commons Configuration Vulnerability in NetApp Products
Concerning Apache Commons Configuration vulnerability in products
This is a Press Release edited by StorageNewsletter.com on November 3, 2022 at 3:03 pm
NetApp, Inc. has published a security advisory concerning an Apache Commons Configuration vulnerability in the company's products.
This advisory should be considered the single source of current, up-to-date, authorized and accurate information from NetApp regarding Full Support products and versions.
Advisory ID: NTAP-20221028-0015
Version: 1.0
Last updated: 10/28/2022
Status: Final.
CVEs: CVE-2022-33980
Summary
Multiple NetApp products incorporate Apache Commons Configuration. Apache Commons Configuration versions from 2.4 up to, but not including, 2.8 are susceptible to a vulnerability which, when successfully exploited, could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).
Affected product
- SnapCenter
Impact
Successful exploitation of this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).
Vulnerability scoring details
CVE | Score | Vector |
---|---|---|
CVE-2022-33980 | 9.8 (CRITICAL) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Exploitation and public announcements
NetApp is aware of public discussion of this vulnerability.
References
https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s
Remediation
Software versions and fixes
NetApp’s currently available patches are listed below.
Product | First fixed in release |
---|---|
SnapCenter | https://mysupport.netapp.com/site/products/all/details/snapcenter/downloads-tab/download/62018/4.7 |
Workarounds: None at this time.
Obtaining software fixes
Software fixes will be made available through the NetApp Support website in the Software Download section.
https://mysupport.netapp.com/site/downloads/
Customers who do not have access to the Support website should contact Technical Support at the number below to obtain the patches.
Contact Information
Check http://mysupport.netapp.com for further updates.
For questions, contact NetApp at Technical support:
mysupport.netapp.com
1 888 4 NETAPP (1 888 463 8277) (U.S. and Canada)
+00 800 44 638277 (EMEA/Europe)
+800 800 80 800 (AsiaPac)
Status of this notice: Final
This advisory is posted at the following link:
https://security.netapp.com/advisory/NTAP-20221028-0015
Revision history
Revision # | Date | Comments |
---|---|---|
1.0 | 20221028 | Initial public release, final status |