CVE-2018-5490

Summary

Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release.

Affected Software

VendorProductVersion RangeStatus
NetAppClustered Data ONTAP8.3 Release Candidate versionsaffected

Weaknesses

  • Unauthorized Write Access

ADP Enrichment

CVE Program Container

Additional References

References