Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability."
References
Link | Resource |
---|---|
http://osvdb.org/80227 | |
http://secunia.com/advisories/48403 | |
http://secunia.com/advisories/48453 | |
http://www.kb.cert.org/vuls/id/913483 | US Government Resource |
http://www.kb.cert.org/vuls/id/MAPG-8NNKN8 | US Government Resource |
http://www.kb.cert.org/vuls/id/MAPG-8NVRPY | US Government Resource |
https://exchange.xforce.ibmcloud.com/vulnerabilities/74161 |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
No history.
Information
Published : 2012-03-22 10:17
Updated : 2024-02-28 12:00
NVD link : CVE-2012-1843
Mitre link : CVE-2012-1843
CVE.ORG link : CVE-2012-1843
JSON object : View
Products Affected
dell
- powervault_ml6010
- powervault_ml6000_firmware
- powervault_ml6020
- powervault_ml6030
- powervault_ml6000
quantum
- scalar_i500
- scalar_i500_firmware
CWE
CWE-352
Cross-Site Request Forgery (CSRF)