CVE-2016-5374

CWE-2643 documents3 sources
Severity
8.8HIGH
EPSS
0.4%
top 40.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Netapp Data Ontap
Timeline
PublishedMar 1
Latest updateMay 17

Description

NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

โ–ถNVDnetapp/data_ontap9.0, 9.1+1

Patches

Patch: kb.netapp.com โ†—Patch: kb.netapp.com โ†—

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-9jp7-fj22-5p6r: NetApp Data ONTAP 9โ†—2022-05-17
โ–ถ
CVEList
CVE-2016-5374: NetApp Data ONTAP 9โ†—2017-03-01
โ–ถ
CVE-2016-5374 (HIGH CVSS 8.8) | NetApp Data ONTAP 9.0 and 9.1 befor | cvebase.io