Sign-up

ID

VAR-201302-0092


CVE

CVE-2012-5767


TITLE

IBM System Storage TS3500 Tape library Web Vulnerability gained in the interface

Trust: 0.8

sources: JVNDB: JVNDB-2013-001700

DESCRIPTION

Unspecified vulnerability in the web interface on the IBM TS3500 Tape Library with firmware before C260 allows remote authenticated users to gain privileges via unspecified vectors. IBM System Storage TS3500 Tape Library is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and gain administrative access to the application, which may aid in further attacks. Versions prior to IBM System Storage TS3500 Tape Library C260 are affected. Through an unknown vector, a remote authentication attacker could exploit this vulnerability to gain privileges

Trust: 1.98

sources: NVD: CVE-2012-5767 // JVNDB: JVNDB-2013-001700 // BID: 58176 // VULHUB: VHN-59048

AFFECTED PRODUCTS

vendor:ibmmodel:ts3500 tape libraryscope:eqversion:3584

Trust: 1.0

vendor:ibmmodel:ts3500 tape libraryscope:lteversion:c080

Trust: 1.0

vendor:ibmmodel:system storage ts3500 tape libraryscope: - version: -

Trust: 0.8

vendor:ibmmodel:system storage ts3500 tape libraryscope:ltversion:c260

Trust: 0.8

vendor:ibmmodel:ts3500 tape libraryscope:eqversion:c080

Trust: 0.6

sources: JVNDB: JVNDB-2013-001700 // CNNVD: CNNVD-201302-588 // NVD: CVE-2012-5767

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-5767
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-5767
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201302-588
value: MEDIUM

Trust: 0.6

VULHUB: VHN-59048
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-5767
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-59048
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-59048 // JVNDB: JVNDB-2013-001700 // CNNVD: CNNVD-201302-588 // NVD: CVE-2012-5767

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-5767

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201302-588

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201302-588

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-001700

PATCH
title:1004282url:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004282
Trust: 0.8
title:C260url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45672
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2013-001700 // 
            
            
            
            CNNVD: CNNVD-201302-588

EXTERNAL IDS
db:NVDid:CVE-2012-5767
Trust: 2.8
db:JVNDBid:JVNDB-2013-001700
Trust: 0.8
db:CNNVDid:CNNVD-201302-588
Trust: 0.7
db:SECUNIAid:52345
Trust: 0.6
db:XFid:80272
Trust: 0.6
db:BIDid:58176
Trust: 0.4
db:VULHUBid:VHN-59048
Trust: 0.1
sources:
            
            
            VULHUB: VHN-59048 // 
            
            
            
            BID: 58176 // 
            
            
            
            JVNDB: JVNDB-2013-001700 // 
            
            
            
            CNNVD: CNNVD-201302-588 // 
            
            
            
            NVD: CVE-2012-5767

REFERENCES
url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004282
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/80272
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5767
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5767
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/80272
Trust: 0.6
url:http://secunia.com/advisories/52345
Trust: 0.6
sources:
            
            
            VULHUB: VHN-59048 // 
            
            
            
            JVNDB: JVNDB-2013-001700 // 
            
            
            
            CNNVD: CNNVD-201302-588 // 
            
            
            
            NVD: CVE-2012-5767

CREDITS
Narodowe Archiwum Cyfrowe
Trust: 0.3
sources:
            
            
            BID: 58176

SOURCES
db:VULHUBid:VHN-59048
db:BIDid:58176
db:JVNDBid:JVNDB-2013-001700
db:CNNVDid:CNNVD-201302-588
db:NVDid:CVE-2012-5767

LAST UPDATE DATE
2025-04-11T23:08:47.474000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-59048date:2017-08-29T00:00:00
db:BIDid:58176date:2013-02-26T00:00:00
db:JVNDBid:JVNDB-2013-001700date:2013-02-28T00:00:00
db:CNNVDid:CNNVD-201302-588date:2013-03-01T00:00:00
db:NVDid:CVE-2012-5767date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-59048date:2013-02-27T00:00:00
db:BIDid:58176date:2013-02-26T00:00:00
db:JVNDBid:JVNDB-2013-001700date:2013-02-28T00:00:00
db:CNNVDid:CNNVD-201302-588date:2013-02-28T00:00:00
db:NVDid:CVE-2012-5767date:2013-02-27T16:55:02.213