6

CVE-2012-1843

Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QuantumScalar I500 Firmware Version <= i7.0.2
QuantumScalar I500 Firmware Versioni3.1
QuantumScalar I500 Firmware Versioni5.1
QuantumScalar I500 Firmware Versioni6.1
QuantumScalar I500 Firmware Versioni7.0.1
QuantumScalar I500 Firmware Versionsp4
QuantumScalar I500 Firmware Versionsp4.2
QuantumScalar I500 Version5u
QuantumScalar I500 Version14u
QuantumScalar I500 Version23u
DellPowervault Ml6000 Firmware Version585g.gs003
DellPowervault Ml6000 Version32u
DellPowervault Ml6000 Version41u
DellPowervault Ml6010 Version5u
DellPowervault Ml6020 Version14u
DellPowervault Ml6030 Version23u
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.06% 0.602
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://secunia.com/advisories/48403
http://secunia.com/advisories/48453
http://www.kb.cert.org/vuls/id/913483
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8NNKN8
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8NVRPY
US Government Resource
http://osvdb.org/80227
https://exchange.xforce.ibmcloud.com/vulnerabilities/74161