DXi Security Enhancement
Quantum has determined that a SQL injection attack may be possible prior to authentication.
Recommended Action
Quantum recommends that you apply the appropriate code update linked below as soon as
possible and adhere to best practices for data storage product security.
If you are unable to apply the appropriate update at this time, Quantum recommends that you disable the DXi Administrative Activity Logging. Instructions to disable Activity Logging can be found in the DXi User Guide documentation.
DXi 4 series:
Update your DXi 4 series software to version V4.5.0.3 or later. This software is available on the links below and on Quantum’s YUM server.
DXi4800, DXi4801
https://www.quantum.com/en/service-support/downloads-and-firmware/dxi4800/
DXi9000, DXi9100
https://www.quantum.com/en/service-support/downloads-and-firmware/dxi9000/
DXi V5000
https://www.quantum.com/en/service-support/downloads-and-firmware/dxivseries/
DXi 3 series:
Update your DXi 3 series by applying a customer-installable patch available at the links below.
DXi4700
https://www.quantum.com/en/service-support/downloads-and-firmware/dxi4700/
DXi6900/S
https://www.quantum.com/en/service-support/downloads-and-firmware/DXi6900/
Vulnerable Quantum Products
• DXi 4 series products: 4801, 4800, 9000, 9100, V5000
• DXi 3 series products: 4700 and 6900, 6900S
• For legacy DXi products not listed here, contact Quantum Service