CVE-2012-2172
CVSS score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD
Description
Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter.
Affected (21)
Products: IBM: DS Storage Manager Host Software, DS4100, DS4200, DS4300, DS4400, DS4500, DS4700, DS4800, System Storage DCS3700 Storage Subsystem, System Storage DS3200, System Storage DS3300, System Storage DS3400, System Storage DS3512, System Storage DS3524, System Storage DS3950 Express, System Storage DS5020 Disk Controller, System Storage DS5100 Storage Controller, System Storage DS5300 Storage Controller
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 10.83 | |
| All versions | |
| Version 1814 | |
| Version 1722 | |
| Version 1742 | |
| Version 1742 | |
| Version 1814 | |
| Version 1815 | |
| Version 1818 | |
| Version 1726 | |
| Version 1726 | |
| Version 1726 | |
| Version 1746 | |
| Version 1746 | |
| Version 1814 | |
| Version 1814-20a | |
| Version 1818 | |
| Version 1818 | |
References (6)
http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172
Source: psirt@us.ibm.com
Vendor Advisory
Source: psirt@us.ibm.com
http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108