Out-of-bounds Read in Netapp Active_iq_unified_manager
CVE-2020-24977
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
Vulnerability class: Buffer Overflow
EPSS: 0.038 (88.5th percentile).
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L.
Affected products
- Netapp Active_iq_unified_manager
- Netapp Clustered_data_ontap
- Netapp Clustered_data_ontap_antivirus_connector
- Netapp Hci_h410c
- Netapp Hci_h410c_firmware
- Netapp Inventory_collect_tool
- Netapp Manageability_software_development_kit
- Netapp Snapdrive
- Oracle Communications_cloud_native_core_network_function_cloud_native_environment — versions 1.10.0
- Oracle Enterprise_manager_base_platform — versions 13.4.0.0, 13.5.0.0
Weakness classification (CWE)
Public proof-of-concept exploits
Frequently asked questions
- What is CVE-2020-24977?
- CVE-2020-24977 is a medium-severity vulnerability in Netapp Active_iq_unified_manager, classified under Out-of-bounds Read. CVSS score: 6.5/10. Published 2020-09-04.
- How severe is CVE-2020-24977?
- Medium severity. CVSS v3 base score is 6.5 out of 10.
- Is CVE-2020-24977 known to be exploited?
- 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.