IBM Storage TS4500 and Diamondback Tape Libraries Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability has been identified in IBM Storage TS4500 Library versions 1.11.0.0 and 2.11.0.0, as well as in all versions of IBM Diamondback Tape Library. This vulnerability allows an unauthenticated attacker to inject arbitrary JavaScript into the Web UI, potentially altering functionality and leading to credential disclosure within a trusted session.

Impact

Exploitation of this vulnerability could result in cross-site scripting, allowing for the injection of malicious scripts that could be executed in the context of the user's session.

Remediation

Users of IBM Storage TS4500 Library should upgrade to version 1.12.0.0-C00 or later for the 1.11.0.0 release, and to version 2.12.0.0-C00 or later for the 2.11.0.0 release. Both versions are available from IBM Fix Central. All future releases will include the fix for this vulnerability.