Skip to main content

7 Mode Transition Tool CVE-2018-5489

MEDIUM
Incorrect Authorization (CWE-863)
2018-08-03 security-alert@netapp.com
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 03, 2018 - 13:29 nvd
MEDIUM 6.5

DescriptionNVD

NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below 2.0 do not enforce user authorization rules on file information and status that it has previously collected. The released version of 7MTT has been updated to maintain and verify authorization rules for file information, status and utilities.

AnalysisAI

NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below 2.0 do not enforce user authorization rules on file information and status that it has previously collected. The released version of 7MTT has been updated to maintain and verify authorization rules for file information, status and utilities. Affected products include: Netapp 7-Mode Transition Tool.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.

CVE-2022-34169 HIGH POC
7.5 Jul 19

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT styleshee

CVE-2020-14664 HIGH
8.3 Jul 15

Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). Rated high severity (CVSS 8.3), this vulnera

CVE-2020-14583 HIGH
8.3 Jul 15

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CV

CVE-2020-2805 HIGH
8.3 Apr 15

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CV

CVE-2020-2803 HIGH
8.3 Apr 15

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CV

CVE-2023-28709 HIGH
7.5 May 22

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 a

CVE-2022-21449 HIGH
7.5 Apr 19

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).

CVE-2020-2816 HIGH
7.5 Apr 15

Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Rated high severity (CVSS 7.5), this vulnerabi

CVE-2023-21930 HIGH
7.4 Apr 18

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rate

CVE-2020-14593 HIGH
7.4 Jul 15

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Rated high severity (CVSS 7.4)

CVE-2022-21340 MEDIUM
5.3 Jan 19

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).

CVE-2023-21967 MEDIUM
5.9 Apr 18

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rate

Share

CVE-2018-5489 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy