CVE-2012-1843

Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability."
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:quantum:scalar_i500_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:quantum:scalar_i500_firmware:i2:*:*:*:*:*:*:*
cpe:2.3:a:quantum:scalar_i500_firmware:i3:*:*:*:*:*:*:*
cpe:2.3:a:quantum:scalar_i500_firmware:i3.1:*:*:*:*:*:*:*
cpe:2.3:a:quantum:scalar_i500_firmware:i4:*:*:*:*:*:*:*
cpe:2.3:a:quantum:scalar_i500_firmware:i5:*:*:*:*:*:*:*
cpe:2.3:a:quantum:scalar_i500_firmware:i5.1:*:*:*:*:*:*:*
cpe:2.3:a:quantum:scalar_i500_firmware:i6:*:*:*:*:*:*:*
cpe:2.3:a:quantum:scalar_i500_firmware:i6.1:*:*:*:*:*:*:*
cpe:2.3:a:quantum:scalar_i500_firmware:i7:*:*:*:*:*:*:*
cpe:2.3:a:quantum:scalar_i500_firmware:i7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:quantum:scalar_i500_firmware:sp4:*:*:*:*:*:*:*
cpe:2.3:a:quantum:scalar_i500_firmware:sp4.2:*:*:*:*:*:*:*
OR cpe:2.3:h:quantum:scalar_i500:5u:*:*:*:*:*:*:*
cpe:2.3:h:quantum:scalar_i500:14u:*:*:*:*:*:*:*
cpe:2.3:h:quantum:scalar_i500:23u:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:dell:powervault_ml6000_firmware:585g.gs003:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:powervault_ml6000:32u:*:*:*:*:*:*:*
cpe:2.3:h:dell:powervault_ml6000:41u:*:*:*:*:*:*:*
cpe:2.3:h:dell:powervault_ml6010:5u:*:*:*:*:*:*:*
cpe:2.3:h:dell:powervault_ml6020:14u:*:*:*:*:*:*:*
cpe:2.3:h:dell:powervault_ml6030:23u:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-03-22 10:17

Updated : 2024-02-28 12:00


NVD link : CVE-2012-1843

Mitre link : CVE-2012-1843

CVE.ORG link : CVE-2012-1843


JSON object : View

Products Affected

dell

  • powervault_ml6010
  • powervault_ml6000_firmware
  • powervault_ml6020
  • powervault_ml6030
  • powervault_ml6000

quantum

  • scalar_i500
  • scalar_i500_firmware
CWE
CWE-352

Cross-Site Request Forgery (CSRF)