IBM Storage TS4500 and Diamondback Tape Libraries Cross-Site Request Forgery Vulnerability
Vulnerability
A cross-site request forgery (CSRF) vulnerability has been identified in IBM Storage TS4500 Library versions 1.11.0.0 and 2.11.0.0, as well as in all versions of IBM Diamondback Tape Library. This vulnerability allows attackers to perform malicious and unauthorized actions by exploiting the trust that the application places in requests from authenticated users.
Impact
Exploitation of this vulnerability could lead to unauthorized actions being performed on behalf of an authenticated user, potentially allowing attackers to manipulate data or application state in ways that are not intended or authorized.
Remediation
Users of IBM Storage TS4500 Library 1.11.0.0 should upgrade to version 1.12.0.0-C00 or later. Users of IBM Storage TS4500 Library 2.11.0.0 should upgrade to version 2.12.0.0-C00 or later. Both versions are available from IBM Fix Central. All future releases will include the fix for this vulnerability.
