CVE-2025-36239

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2025-36239

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2024-43192

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

CVE-2025-36239

IBM Storage TS4500 Library and IBM Diamondback Tape Library are affected by CVE-2025-36239. The IBM security bulletin confirms a cross-site scripting flaw in the Web UI caused by unsanitized URL-derived data on a password-change page, potentially enabling an attacker to inject arbitrary JavaScrip...

CVE-2025-36239 IBM Storage TS4500 Library cross-site scripting

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2025-36239 IBM Storage TS4500 Library cross-site scripting

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2024-43192 IBM Storage TS4500 Library cross-site request forgery

IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...

PT-2025-39702

Name of the Vulnerable Software and Affected Versions IBM Storage TS4500 Library versions 1.11.0.0 and 2.11.0.0 Description The software is susceptible to cross-site request forgery, which could enable an attacker to perform unauthorized actions using the privileges of a trusted user...

IBM Storage TS4500 Library 跨站请求伪造漏洞

IBM Storage TS4500 Library is a next-generation tape storage solution from IBM designed to help mid-sized and large enterprises meet the challenges of cloud storage, enabling high-density data storage and flexible scaling through LTO technology. The IBM Storage TS4500 Library suffers from a...

PT-2025-39703

Name of the Vulnerable Software and Affected Versions IBM Storage TS4500 Library versions 1.11.0.0 and 2.11.0.0 Description The IBM Storage TS4500 Library is susceptible to a cross-site scripting issue. An unauthenticated attacker can inject arbitrary JavaScript code into the Web UI, potentially...

Security Bulletin: TS4500 Tape Library/Diamondback Tape Library addresses security vulnerability CVE-2021-23450

Summary The tape library web GUI used an outdated version of the JavaScript library dojo.js containing a prototype pollution vulnerability. This could potentially be leveraged to facilitate XSS attacks in the browser, or, if executed server-side, to enable remote code execution. The issue has bee...