Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2012-1843
HistoryMar 22, 2012 - 10:17 a.m.

CVE-2012-1843

2012-03-2210:17:11
CWE-352
[email protected]
web.nvd.nist.gov

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.2%

JSON

Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a “command-injection vulnerability.”

Affected configurations

NVD
Node
quantumscalar_i500_firmwareRangei7.0.2
OR
quantumscalar_i500_firmwareMatchi2
OR
quantumscalar_i500_firmwareMatchi3
OR
quantumscalar_i500_firmwareMatchi3.1
OR
quantumscalar_i500_firmwareMatchi4
OR
quantumscalar_i500_firmwareMatchi5
OR
quantumscalar_i500_firmwareMatchi5.1
OR
quantumscalar_i500_firmwareMatchi6
OR
quantumscalar_i500_firmwareMatchi6.1
OR
quantumscalar_i500_firmwareMatchi7
OR
quantumscalar_i500_firmwareMatchi7.0.1
OR
quantumscalar_i500_firmwareMatchsp4
OR
quantumscalar_i500_firmwareMatchsp4.2
AND
quantumscalar_i500Match5u
OR
quantumscalar_i500Match14u
OR
quantumscalar_i500Match23u
Node
dellpowervault_ml6000_firmwareMatch585g.gs003
AND
dellpowervault_ml6000Match32u
OR
dellpowervault_ml6000Match41u
OR
dellpowervault_ml6010Match5u
OR
dellpowervault_ml6020Match14u
OR
dellpowervault_ml6030Match23u

Related

cvelist 1
prion 1
cve 1
cert 1
cvelist
cvelist
CVE-2012-1843
2012-03-22 10:00:00
prion
prion
Cross site request forgery (csrf)
2012-03-22 10:17:00
cve
cve
CVE-2012-1843
2012-03-22 10:17:11
cert
cert
Quantum Scalar i500, Dell ML6000 and IBM TS3310 tape libraries web interface and preconfigured password vulnerabilities
2012-03-19 00:00:00

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.2%

JSON
Related for NVD:CVE-2012-1843
cvelist1prion1cve1cert1