CVE-2015-7746

critical

Published 2017-09-01 · Modified 2026-05-13

CVSS v3

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

7.5

VIR risk

9.8

Description

NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://kb.netapp.com/support/index?page=content&id=9010049

References

https://kb.netapp.com/support/index?page=content&id=9010049
https://kb.netapp.com/support/index?page=content&id=9010049

CWEs

CWE-287

Verify integrity in audit chain (admin only). AS-IS.