MidnightBSD

Advisories for quantum

CVE-2012-1841 MEDIUM

Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to read arbitrary files via a full pathname in the file parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
quantum scalar_i500 14u
quantum scalar_i500_firmware sp4.2
quantum scalar_i500_firmware i3.1
quantum scalar_i500_firmware i2
quantum scalar_i500_firmware i3
quantum scalar_i500_firmware sp4
dell powervault_ml6000 32u
quantum scalar_i500 5u
dell powervault_ml6020 14u
quantum scalar_i500_firmware i7
quantum scalar_i500_firmware i6
quantum scalar_i500_firmware i6.1
dell powervault_ml6030 23u
quantum scalar_i500_firmware i4
quantum scalar_i500_firmware i5.1
quantum scalar_i500_firmware i7.0.1
dell powervault_ml6000 41u
quantum scalar_i500 23u
dell powervault_ml6010 5u
dell powervault_ml6000_firmware 585g.gs003
quantum scalar_i500_firmware *
quantum scalar_i500_firmware i5
CVE-2012-1842 LOW

Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
quantum scalar_i500 14u
quantum scalar_i500_firmware sp4.2
quantum scalar_i500_firmware i3.1
quantum scalar_i500_firmware i2
quantum scalar_i500_firmware i3
quantum scalar_i500_firmware sp4
dell powervault_ml6000 32u
quantum scalar_i500 5u
dell powervault_ml6020 14u
quantum scalar_i500_firmware i7
quantum scalar_i500_firmware i6
quantum scalar_i500_firmware i6.1
dell powervault_ml6030 23u
quantum scalar_i500_firmware i4
quantum scalar_i500_firmware i5.1
quantum scalar_i500_firmware i7.0.1
dell powervault_ml6000 41u
quantum scalar_i500 23u
dell powervault_ml6010 5u
dell powervault_ml6000_firmware 585g.gs003
quantum scalar_i500_firmware *
quantum scalar_i500_firmware i5
CVE-2012-1843 MEDIUM

Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
quantum scalar_i500 14u
quantum scalar_i500_firmware sp4.2
quantum scalar_i500_firmware i3.1
quantum scalar_i500_firmware i2
quantum scalar_i500_firmware i3
quantum scalar_i500_firmware sp4
dell powervault_ml6000 32u
quantum scalar_i500 5u
dell powervault_ml6020 14u
quantum scalar_i500_firmware i7
quantum scalar_i500_firmware i6
quantum scalar_i500_firmware i6.1
dell powervault_ml6030 23u
quantum scalar_i500_firmware i4
quantum scalar_i500_firmware i5.1
quantum scalar_i500_firmware i7.0.1
dell powervault_ml6000 41u
quantum scalar_i500 23u
dell powervault_ml6010 5u
dell powervault_ml6000_firmware 585g.gs003
quantum scalar_i500_firmware *
quantum scalar_i500_firmware i5
CVE-2012-1844 HIGH

The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-255,

Products Affected

Vendor Product Version
quantum scalar_i500_firmware i3.1
quantum scalar_i500_firmware i3
quantum scalar_i500_firmware sp4
dell powervault_ml6020 14u
quantum scalar_i500_firmware i6.1
dell powervault_ml6030 23u
quantum scalar_i500_firmware i5.1
quantum scalar_i500_firmware i7.0.1
dell powervault_ml6000 41u
quantum scalar_i500 23u
dell powervault_ml6010 5u
dell powervault_ml6000_firmware 585g.gs003
ibm ts3310_tape_library 3573
quantum scalar_i500_firmware *
quantum scalar_i500 14u
quantum scalar_i500_firmware sp4.2
quantum scalar_i500_firmware i2
dell powervault_ml6000 32u
quantum scalar_i500 5u
quantum scalar_i500_firmware i7
quantum scalar_i500_firmware i6
quantum scalar_i500_firmware i4
ibm ts3310_tape_library 3576
quantum scalar_i500_firmware i5
ibm ts3310_tape_library_firmware *
CVE-2014-2959 HIGH

logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
quantum scalar_i500 14u
dell powervault_ml6000_firmware *
dell powervault_ml6000 32u
quantum scalar_i500 5u
dell powervault_ml6000 41u
quantum scalar_i500_firmware *
quantum scalar_i500 23u