Vulnerabilites related to NetApp - Clustered Data ONTAP
CVE-2018-5490 (GCVE-0-2018-5490)
Vulnerability from cvelistv5
Published
2018-08-03 19:00
Modified
2024-09-16 17:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Unauthorized Write Access
Summary
Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | Clustered Data ONTAP |
Version: 8.3 Release Candidate versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:50.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20150324-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Clustered Data ONTAP",
"vendor": "NetApp",
"versions": [
{
"status": "affected",
"version": "8.3 Release Candidate versions"
}
]
}
],
"datePublic": "2015-03-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than \"read-only\" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthorized Write Access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-03T18:57:01",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20150324-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@netapp.com",
"DATE_PUBLIC": "2015-03-24T00:00:00",
"ID": "CVE-2018-5490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Clustered Data ONTAP",
"version": {
"version_data": [
{
"version_value": "8.3 Release Candidate versions"
}
]
}
}
]
},
"vendor_name": "NetApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than \"read-only\" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized Write Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20150324-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20150324-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2018-5490",
"datePublished": "2018-08-03T19:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-16T17:22:52.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5498 (GCVE-0-2018-5498)
Vulnerability from cvelistv5
Published
2019-02-01 16:00
Modified
2024-09-17 01:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | Clustered Data ONTAP |
Version: Versions 9.0 and higher |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:50.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190115-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Clustered Data ONTAP",
"vendor": "NetApp",
"versions": [
{
"status": "affected",
"version": "Versions 9.0 and higher"
}
]
}
],
"datePublic": "2019-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-01T15:57:01",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190115-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@netapp.com",
"DATE_PUBLIC": "2019-01-15T00:00:00",
"ID": "CVE-2018-5498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Clustered Data ONTAP",
"version": {
"version_data": [
{
"version_value": "Versions 9.0 and higher"
}
]
}
}
]
},
"vendor_name": "NetApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Clustered Data ONTAP versions 9.0 through 9.4 are susceptible to a vulnerability which allows remote authenticated attackers to cause a Denial of Service (DoS) in NFS and SMB environments. Exploitation of this vulnerability will allow a remote authenticated attacker to cause a Denial of Service (DoS) on affected versions of clustered Data ONTAP configured for multiprotocol access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20190115-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190115-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2018-5498",
"datePublished": "2019-02-01T16:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-17T01:41:44.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5497 (GCVE-0-2018-5497)
Vulnerability from cvelistv5
Published
2019-01-24 20:00
Modified
2024-09-17 01:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | Clustered Data ONTAP |
Version: Versions prior to 9.1P16, 9.3P10 and 9.4P5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:50.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190109-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Clustered Data ONTAP",
"vendor": "NetApp",
"versions": [
{
"status": "affected",
"version": "Versions prior to 9.1P16, 9.3P10 and 9.4P5"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-24T19:57:01",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190109-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@netapp.com",
"DATE_PUBLIC": "2019-01-09T00:00:00",
"ID": "CVE-2018-5497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Clustered Data ONTAP",
"version": {
"version_data": [
{
"version_value": "Versions prior to 9.1P16, 9.3P10 and 9.4P5"
}
]
}
}
]
},
"vendor_name": "NetApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Clustered Data ONTAP versions prior to 9.1P16, 9.3P10 and 9.4P5 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20190109-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190109-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2018-5497",
"datePublished": "2019-01-24T20:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-17T01:31:48.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5491 (GCVE-0-2019-5491)
Vulnerability from cvelistv5
Published
2019-02-27 17:00
Modified
2024-09-16 17:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NetApp | Clustered Data ONTAP |
Version: Versions 9.0 and higher |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:53.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190227-0001/"
},
{
"name": "107183",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107183"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Clustered Data ONTAP",
"vendor": "NetApp",
"versions": [
{
"status": "affected",
"version": "Versions 9.0 and higher"
}
]
}
],
"datePublic": "2019-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-28T10:57:01",
"orgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"shortName": "netapp"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190227-0001/"
},
{
"name": "107183",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107183"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@netapp.com",
"DATE_PUBLIC": "2019-02-27T00:00:00",
"ID": "CVE-2019-5491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Clustered Data ONTAP",
"version": {
"version_data": [
{
"version_value": "Versions 9.0 and higher"
}
]
}
}
]
},
"vendor_name": "NetApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Clustered Data ONTAP versions prior to 9.1P15 and 9.3 prior to 9.3P7 are susceptible to a vulnerability which discloses sensitive information to an unauthenticated user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20190227-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190227-0001/"
},
{
"name": "107183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107183"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d",
"assignerShortName": "netapp",
"cveId": "CVE-2019-5491",
"datePublished": "2019-02-27T17:00:00Z",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-09-16T17:08:32.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}