Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-1841

Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to read arbitrary files via a full pathname in the file parameter.

Published

2012-03-22T10:17:11.003

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	quantum	scalar_i500_firmware	≤ i7.0.2	Yes
Application	quantum	scalar_i500_firmware	i2	Yes
Application	quantum	scalar_i500_firmware	i3	Yes
Application	quantum	scalar_i500_firmware	i3.1	Yes
Application	quantum	scalar_i500_firmware	i4	Yes
Application	quantum	scalar_i500_firmware	i5	Yes
Application	quantum	scalar_i500_firmware	i5.1	Yes
Application	quantum	scalar_i500_firmware	i6	Yes
Application	quantum	scalar_i500_firmware	i6.1	Yes
Application	quantum	scalar_i500_firmware	i7	Yes
Application	quantum	scalar_i500_firmware	i7.0.1	Yes
Application	quantum	scalar_i500_firmware	sp4	Yes
Application	quantum	scalar_i500_firmware	sp4.2	Yes
Hardware	quantum	scalar_i500	5u	Yes
Hardware	quantum	scalar_i500	14u	Yes
Hardware	quantum	scalar_i500	23u	Yes
Application	dell	powervault_ml6000_firmware	585g.gs003	Yes
Hardware	dell	powervault_ml6000	32u	Yes
Hardware	dell	powervault_ml6000	41u	Yes
Hardware	dell	powervault_ml6010	5u	Yes
Hardware	dell	powervault_ml6020	14u	Yes
Hardware	dell	powervault_ml6030	23u	Yes

References

http://osvdb.org/80226 ([email protected])
http://secunia.com/advisories/48403 ([email protected])
http://secunia.com/advisories/48453 ([email protected])
http://www.kb.cert.org/vuls/id/913483 US Government Resource ([email protected])
http://www.kb.cert.org/vuls/id/MAPG-8NNKN8 US Government Resource ([email protected])
http://www.kb.cert.org/vuls/id/MAPG-8NVRPY US Government Resource ([email protected])
http://osvdb.org/80226 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48403 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48453 (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/913483 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/MAPG-8NNKN8 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/MAPG-8NVRPY US Government Resource (af854a3a-2127-422b-91ae-364da2661108)