CVE-2012-1843

Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability."

Data is provided by the National Vulnerability Database (NVD)
Quantum Scalar I500 Firmware Version <= i7.0.2
Quantum Scalar I500 Firmware Version i3.1
Quantum Scalar I500 Firmware Version i5.1
Quantum Scalar I500 Firmware Version i6.1
Quantum Scalar I500 Firmware Version i7.0.1
Quantum Scalar I500 Firmware Version sp4
Quantum Scalar I500 Firmware Version sp4.2
Quantum Scalar I500 Version 5u
Quantum Scalar I500 Version 14u
Quantum Scalar I500 Version 23u
Dell Powervault Ml6000 Firmware Version 585g.gs003
Dell Powervault Ml6000 Version 32u
Dell Powervault Ml6000 Version 41u
Dell Powervault Ml6010 Version 5u
Dell Powervault Ml6020 Version 14u
Dell Powervault Ml6030 Version 23u
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.26% | 0.466 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 6 | 6.8 | 6.4 | AV:N/AC:M/Au:S/C:P/I:P/A:P |

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.