CyberSec.Space Logo
CVEブラウザに戻る

CVE-2018-5490

HIGH
8.8
CVSS Severity Score
EPSS Score0.1850%
EPSS Percentile26.06th
Published2018年8月3日
Last Modified2024年11月21日

Vulnerability Description

Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release.

Affected Platforms (CPE)

📦
Netapp

Clustered Data Ontap

< 8.3

References & Advisories

🔗 https://security.netapp.com/advisory/ntap-20150324-0001/
🔗 https://security.netapp.com/advisory/ntap-20150324-0001/

関連する脆弱性情報

CVE-2016-66679.8

NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows rem...

CVE-2017-124208.8

Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote...

CVE-2017-124218.8

NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authenticated users to execute arbitrary code on the storage contr...

CVE-2016-69048.1

Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 contain a web server that accepts plain text authentication. Thi...