CVE-2012-2171
CVSS v2 base score: 6.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Exploitability: 8.0 / Impact: 6.4
Source: NVD
Description
SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.
Affected (21)
Products: IBM: DS Storage Manager Host Software, DS4100, DS4200, DS4300, DS4400, DS4500, DS4700, DS4800, System Storage DCS3700 Storage Subsystem, System Storage DS3200, System Storage DS3300, System Storage DS3400, System Storage DS3512, System Storage DS3524, System Storage DS3950 Express, System Storage DS5020 Disk Controller, System Storage DS5100 Storage Controller, System Storage DS5300 Storage Controller
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 10.83 | |
| All versions | |
| Version 1814 | |
| Version 1722 | |
| Version 1742 | |
| Version 1742 | |
| Version 1814 | |
| Version 1815 | |
| Version 1818 | |
| Version 1726 | |
| Version 1726 | |
| Version 1726 | |
| Version 1746 | |
| Version 1746 | |
| Version 1814 | |
| Version 1814-20a | |
| Version 1818 | |
| Version 1818 | |
References (6)
http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172
Source: psirt@us.ibm.com
Vendor Advisory
Source: psirt@us.ibm.com
Source: psirt@us.ibm.com
http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108