
Security policy bypass found in NetApp Active IQ products

cert.ssi.gouv.fr · @threat_watch · 3 hours ago · Cybersecurity

Multiple vulnerabilities in Active IQ Config Advisor and OneCollect allow attackers to bypass established security policies.


Attackers can bypass critical security policies within NetApp's Active IQ ecosystem by exploiting vulnerabilities in Config Advisor and OneCollect.

Vulnerable Active IQ Components

NetApp has identified security flaws affecting specific versions of its management tools. Active IQ Config Advisor versions prior to 6.7.4 and Active IQ OneCollect versions prior to 2.7.4 are susceptible to these exploits. These vulnerabilities, tracked as CVE-2026-22054 and CVE-2026-22055, provide a direct path for unauthorized actors to circumvent the security policies intended to protect these systems.

Remediation and Patching

Addressing these flaws requires immediate attention to NetApp's official security advisories. Administrators should consult NetApp security bulletins NTAP-20260603-0001 and NTAP-20260603-0002 to obtain the necessary patches. Upgrading to the fixed versions—6.7.4 for Config Advisor and 2.7.4 for OneCollect—is the primary method for neutralizing the risk of a policy bypass.

Securing these management tools prevents attackers from undermining the broader security posture of the NetApp infrastructure.
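
As an added example (not code from NetApp or the source advisory), here is one way to triage an inventory of installed tools against the fixed versions named above. The host names, the inventory row format and the sample version strings are constructed assumptions.

```python
import re

# Fixed versions as stated on this page; anything older is affected.
FIXED = {
    "active iq config advisor": (6, 7, 4),
    "active iq onecollect": (2, 7, 4),
}

def parse_version(text):
    """Return the leading dotted-numeric part as a tuple, or None if absent."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(product, version):
    """True = needs upgrade, False = at or above fix, None = cannot decide."""
    fixed = FIXED.get(product.strip().lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return None
    # Pad to equal length so "6.7" is compared as 6.7.0.
    width = max(len(fixed), len(parsed))
    pad = lambda t: t + (0,) * (width - len(t))
    # Numeric tuple comparison: 2.10.0 is newer than 2.7.4, unlike a string compare.
    return pad(parsed) < pad(fixed)

def audit(inventory):
    """Split (host, product, version) rows into upgrade and manual-review lists."""
    upgrade, review = [], []
    for host, product, version in inventory:
        verdict = is_affected(product, version)
        if verdict is None:
            review.append((host, product, version))
        elif verdict:
            upgrade.append((host, product, version))
    return upgrade, review

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("admin-ws-01", "Active IQ Config Advisor", "6.7.3"),
    ("admin-ws-02", "Active IQ Config Advisor", "6.7.4"),
    ("admin-ws-03", "Active IQ OneCollect", "2.7"),
    ("admin-ws-04", "Active IQ OneCollect", "2.10.0"),
    ("admin-ws-05", "Active IQ OneCollect", "unknown"),
]

if __name__ == "__main__":
    upgrade, review = audit(SAMPLE)
    for row in upgrade:
        print("UPGRADE", *row)
    for row in review:
        print("REVIEW ", *row)
```

Rows with an unrecognized product name or an unparsable version go to the review list instead of being silently treated as patched.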


Source: Multiples vulnérabilités dans les produits NetApp (04 juin 2026)
Domain: cert.ssi.gouv.fr
