CVE-2018-5489
Last modified
CVE-2018-5489 is a vulnerability of currently unknown severity. NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below 2.0 do not enforce user authorization rules on file information and status that it has previously collected. EPSS estimates a 0.75% chance of exploitation in the next 30 days.
Description
NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below 2.0 do not enforce user authorization rules on file information and status that it has previously collected. The released version of 7MTT has been updated to maintain and verify authorization rules for file information, status and utilities.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Netapp | 7-Mode Transition Tool | < 2.0 |
References
- https://security.netapp.com/advisory/ntap-20150323-0001/Vendor Advisory
- https://security.netapp.com/advisory/ntap-20150323-0001/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-5489?
How severe is CVE-2018-5489?
How do I fix CVE-2018-5489?
Are you affected by CVE-2018-5489?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST