Description
Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. This behavior has been resolved in the GA release. Customers running prior release candidates (RCs) are requested to update their systems to the NetApp Data ONTAP 8.3 GA release.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20150324-0001/
Scores
CVSS v3
8.8
EPSS
0.0030
EPSS Percentile
53.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (1)
netapp/clustered_data_ontap
< 8.3
Published
Aug 03, 2018
Tracked Since
Feb 18, 2026