Vulnerability in Netapp Active_iq_unified_manager
CVE-2022-0391
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characte…
EPSS: 0.083 (94.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.
Affected products
- Netapp Active_iq_unified_manager
- Netapp Hci
- Netapp Hci_compute_node
- Netapp Management_services_for_element_software
- Netapp Ontap_select_deploy_administration_utility
- Netapp Solidfire\,_enterprise_sds_\&_hci_storage_node
- Oracle Http_server — versions 12.2.1.3.0, 12.2.1.4.0
- Oracle Zfs_storage_appliance_kit — versions 8.8
- Python — versions 3.10.0
- Fedoraproject Fedora — versions 34, 35
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secalert@redhat.com (Exploit, Patch, Issue Tracking, Vendor Advisory)
- secalert@redhat.com (vendor-advisory)
- secalert@redhat.com (vendor-advisory)
- secalert@redhat.com (Patch, Third Party Advisory)
- secalert@redhat.com (Third Party Advisory)
- secalert@redhat.com (vendor-advisory)
- secalert@redhat.com (mailing-list)
- af854a3a-2127-422b-91ae-364da2661108
- af854a3a-2127-422b-91ae-364da2661108
Frequently asked questions
- What is CVE-2022-0391?
- CVE-2022-0391 is a high-severity vulnerability in Netapp Active_iq_unified_manager, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 7.5/10. Published 2022-02-09.
- How severe is CVE-2022-0391?
- High severity. CVSS v3 base score is 7.5 out of 10.
- Is CVE-2022-0391 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.