Published: 22/03/2012 Updated: 10/01/2018
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
VMScore: 534
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote malicious users to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability."

Affected Products

Vendor Product Versions
DellPowervault Ml6000 Firmware585g.gs003
DellPowervault Ml600032u, 41u
DellPowervault Ml60105u
DellPowervault Ml602014u
DellPowervault Ml603023u
QuantumScalar I500 FirmwareI2, I3, I3.1, I4, I5, I5.1, I6, I6.1, I7, I7.0.1, I7.0.2, Sp4, Sp4.2
QuantumScalar I5005u, 14u, 23u