Please note: This website includes an accessibility system. Press Control-F11 to adjust the website to the visually impaired who are using a screen reader; Press Control-F10 to open an accessibility menu.

NetApp Active IQ Unified Manager Information Disclosure Vulnerability

NetApp Active IQ Unified Manager Information Disclosure Vulnerability

NetApp Active IQ Unified Manager Information Disclosure Vulnerability

Lenovo Security Advisory: LEN-84079

Potential Impact: Information disclosure

Severity: Low

Scope of Impact: Industry-wide

CVE Identifier: CVE-2022-23235

 

Summary Description:

NetApp reported that NetApp Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and NetApp Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled.

 

Mitigation Strategy for Customers (what you should do to protect yourself):

NetApp recommends updating NetApp Active IQ Unified Manager to the version (or later) described in the Product Impact section below.

NetApp has also provided workaround guidance here: https://kb.netapp.com/Advice_and_Troubleshooting/Data_Infrastructure_Management/Active_IQ_Unified_Manager/Active_IQ_Unified_Manager_CVE-2022-23235_Vulnerability_Workaround

 

Product Impact:

To download the version specified for your product below, follow these steps:

Navigate to the Drivers & Software support site for your product:

  1. Search for your product by name or machine type.
  2. Click Drivers & Software on the left menu panel.
  3. Click on Manual Update to browse by Component type.
  4. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.

Lenovo also offers tools to assist with update management as an alternative to the manual steps described above. Refer to the following for additional help:

PC Products and Software: https://support.lenovo.com/us/en/solutions/ht504759

Server and Enterprise Software: https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd and https://datacentersupport.lenovo.com/us/en/documents/lnvo-center

 

Click below links to view affected products:

Storage

 

References:

https://security.netapp.com/advisory/ntap-20220324-0001/

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Infrastructure_Management/Active_IQ_Unified_Manager/Active_IQ_Unified_Manager_CVE-2022-23235_Vulnerability_Workaround

 

Revision History:

Revision Date Description
2 2022-05-10 Updated Product Impact
1 2022-04-12 Initial release

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

 

Product Impact:

Storage

Product Component Minimum Fixed Version
DM120S (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series 9.10.1
DM120S (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series 9.10.1
DM120S (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series 9.10.1
DM240S (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series 9.10.1
DM240S (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series 9.10.1
DM240S (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series 9.10.1
DM3000H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series 9.10.1
DM3000H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series 9.10.1
DM3000H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series 9.10.1
DM5000F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series 9.10.1
DM5000F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series 9.10.1
DM5000F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series 9.10.1
DM5000H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series 9.10.1
DM5000H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series 9.10.1
DM5000H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series 9.10.1
DM5100F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series 9.10.1
DM5100F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series 9.10.1
DM5100F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series 9.10.1
DM600S (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series 9.10.1
DM600S (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series 9.10.1
DM600S (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series 9.10.1
DM7000F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series 9.10.1
DM7000F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series 9.10.1
DM7000F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series 9.10.1
DM7000H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series 9.10.1
DM7000H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series 9.10.1
DM7000H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series 9.10.1
DM7100F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series 9.10.1
DM7100F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series 9.10.1
DM7100F (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series 9.10.1
DM7100H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Linux for DM Series 9.10.1
DM7100H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for VMware for DM Series 9.10.1
DM7100H (ThinkSystem) ThinkSystem Intelligent Monitoring Unified Manager for Windows for DM Series 9.10.1

Alias Id:LEN-84079
Document ID:PS500484
Original Publish Date:04/12/2022
Last Modified Date:05/09/2022