CVE-2012-1843

Name of the Vulnerable Software and Affected Versions Quantum Scalar i500 tape library versions prior to i7.0.3 (604G.GS00100) Dell ML6000 tape library versions prior to A20-00 (590G.GS00100)

Description A cross-site request forgery (CSRF) issue exists in the saveRestore.htm file, allowing remote attackers to hijack user authentication for requests that execute Linux commands via the fileName parameter. This is related to a command-injection issue.

Recommendations For Quantum Scalar i500 tape library versions prior to i7.0.3 (604G.GS00100), update to version i7.0.3 (604G.GS00100) or later. For Dell ML6000 tape library versions prior to A20-00 (590G.GS00100), update to version A20-00 (590G.GS00100) or later. As a temporary workaround, consider restricting access to the saveRestore.htm file and the fileName parameter to minimize the risk of exploitation.