漏洞关键信息 Advisory ID: NTAP-20200511-0004 Version: 14.0 Last Updated: 12/02/2020 Status: Final CVEs: CVE-2020-11619, CVE-2020-11620 Summary Multiple NetApp products incorporate FasterXML jackson-databind. FasterXML jackson-databind versions 2.x prior to 2.9.10.4 are susceptible to vulnerabilities which, when successfully exploited, could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). Impact Successful exploitation of these vulnerabilities could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). Vulnerability Scoring Details CVE: CVE-2020-11619 CVSS Score: Vector: CVE: CVE-2020-11620 CVSS Score: Vector: Exploitation and Public Discussion NetApp is aware of public discussions regarding these vulnerabilities. References NetApp will continue to update this advisory as additional information becomes available.