CVE-2014-2959

logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dell:powervault_ml6000_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dell:powervault_ml6000:32u:*:*:*:*:*:*:*
cpe:2.3:h:dell:powervault_ml6000:41u:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:quantum:scalar_i500_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:quantum:scalar_i500:5u:*:*:*:*:*:*:*
cpe:2.3:h:quantum:scalar_i500:14u:*:*:*:*:*:*:*
cpe:2.3:h:quantum:scalar_i500:23u:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-06-02 19:55

Updated : 2024-02-28 12:20


NVD link : CVE-2014-2959

Mitre link : CVE-2014-2959

CVE.ORG link : CVE-2014-2959


JSON object : View

Products Affected

quantum

  • scalar_i500
  • scalar_i500_firmware

dell

  • powervault_ml6000
  • powervault_ml6000_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')