CVE-2012-1843
Quantum Scalar i500 Firmware < i7.0.3 - Cross-Site Request Forgery via saveRestore.htm fileName Parameter
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability."
References (7)
Core 7
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48453
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/913483
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/80227
US Government Resource x_refsource_misc
http://www.kb.cert.org/vuls/id/MAPG-8NNKN8
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74161
US Government Resource x_refsource_misc
http://www.kb.cert.org/vuls/id/MAPG-8NVRPY
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48403
Scores
EPSS
0.0019
EPSS Percentile
40.7%
Details
CWE
CWE-352
Status
published
Products (22)
dell/powervault_ml6000
32u
dell/powervault_ml6000
41u
dell/powervault_ml6000_firmware
585g.gs003
dell/powervault_ml6010
5u
dell/powervault_ml6020
14u
dell/powervault_ml6030
23u
quantum/scalar_i500
5u
quantum/scalar_i500
14u
quantum/scalar_i500
23u
quantum/scalar_i500_firmware
i2
... and 12 more
Published
Mar 22, 2012
Tracked Since
Feb 18, 2026