CVE-2018-5489
CVE-2018-5489 is a medium-severity vulnerability in Netapp 7-mode Transition Tool with a CVSS 3.x base score of 6.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-863.
Key facts
- Severity: Medium (CVSS 3.x base score 6.5)
- CVSS v2: 4.0
- EPSS exploit prediction: 1% (51st percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-863
- Affected product: Netapp 7-mode Transition Tool
- Published:
- Last modified:
Description
NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below 2.0 do not enforce user authorization rules on file information and status that it has previously collected. The released version of 7MTT has been updated to maintain and verify authorization rules for file information, status and utilities.
Frequently asked questions
- What is CVE-2018-5489?
- NetApp 7-Mode Transition Tool allows users with valid credentials to access functions and information which may have been intended to be restricted to administrators or privileged users. 7MTT versions below 2.0 do not enforce user authorization rules on file information and status that it has previously collected. The released version of 7MTT has been updated to maintain and verify authorization rules for file information, status and utilities.
- How severe is CVE-2018-5489?
- CVE-2018-5489 has a CVSS 3.x base score of 6.5, rated medium severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
- Is CVE-2018-5489 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (51st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2018-5489?
- CVE-2018-5489 affects Netapp 7-mode Transition Tool. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2018-5489?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2018-5489 published?
- CVE-2018-5489 was published on 2018-08-03 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:netapp:7-mode_transition_tool:*:*:*:*:*:*:*:*
More vulnerabilities in Netapp 7-mode Transition Tool
- CVE-2016-8735 — Critical (CVSS 9.8): Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before…
- CVE-2020-14664 — High (CVSS 8.3): Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is…
- CVE-2020-14583 — High (CVSS 8.3): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions…
- CVE-2020-2805 — High (CVSS 8.3): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions…
- CVE-2020-2803 — High (CVSS 8.3): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions…
- CVE-2017-12615 — High (CVSS 8.1): When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly…
All CVEs affecting Netapp 7-mode Transition Tool →
Other CWE-863 (Incorrect Authorization) vulnerabilities
- CVE-2026-48286 — Critical (CVSS 10.0): Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization…
- CVE-2026-48303 — Critical (CVSS 10.0): Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization…
- CVE-2026-44330 — Critical (CVSS 10.0): free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the…
- CVE-2026-46595 — Critical (CVSS 10.0): Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of…
- CVE-2026-33105 — Critical (CVSS 10.0): Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over…
- CVE-2026-32213 — Critical (CVSS 10.0): Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.
Browse all CWE-863 (Incorrect Authorization) vulnerabilities →