IBM TS4500 and Diamondback Tape Libraries Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability has been identified in the web GUI of IBM TS4500 and IBM Diamondback Tape Libraries. This issue affects specific versions of both products and allows authenticated users to inject arbitrary JavaScript into the Web UI. The injected script could alter functionality and potentially lead to credential disclosure within a trusted session. The vulnerability arises from insufficient input sanitization in certain dialog boxes, enabling the storage and later execution of malicious code when an affected event entry is accessed.

Impact

Exploitation of this vulnerability could result in cross-site scripting, allowing for the injection of malicious scripts that could be executed in the context of the user's session.

Remediation

Users of IBM TS4500 should upgrade to Fix Pack version 1.11.0.2-C03 or later. Users of IBM Diamondback Tape Library should upgrade to Fix Pack version 2.11.0.4-C01 or later. All future releases will include the fix for this vulnerability.