Vulnerability CVE-2012-2172


Published: 2012-06-22

Description:
Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter.

See advisories in our WLB2 database:
Topic: IBM System Storage DS Storage Manager Profiler Multiple Vulnerabilities (Med.)
Author: Gjoko 'Liqu...
Date: 21.06.2012

Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software
IBM -> System storage ds5020 disk controller 
IBM -> Ds storage manager host software 
IBM -> System storage ds5100 storage controller 
IBM -> Ds4100 
IBM -> System storage ds5300 storage controller 
IBM -> Ds4200 
IBM -> Ds4300 
IBM -> Ds4400 
IBM -> Ds4500 
IBM -> Ds4700 
IBM -> Ds4800 
IBM -> System storage dcs3700 storage subsystem 
IBM -> System storage ds3200 
IBM -> System storage ds3300 
IBM -> System storage ds3400 
IBM -> System storage ds3512 
IBM -> System storage ds3524 
IBM -> System storage ds3950 express 

References:
http://xforce.iss.net/xforce/xfdb/75239
http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt
http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172

Copyright 2024, cxsecurity.com

 
