CVE-2012-3296

Published: Aug 17, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected (9)

Products: Ibm: Power Hardware Management Console

1 product

Power Hardware Management Console

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Ibm Power Hardware Management Console	Version 7r7.1.0
Ibm Power Hardware Management Console	Version 7r7.1.0 sp0
Ibm Power Hardware Management Console	Version 7r7.1.0 sp1
Ibm Power Hardware Management Console	Version 7r7.1.0 sp2
Ibm Power Hardware Management Console	Version 7r7.1.0 sp3
Ibm Power Hardware Management Console	Version 7r7.2.0
Ibm Power Hardware Management Console	Version 7r7.2.0 sp0
Ibm Power Hardware Management Console	Version 7r7.2.0 sp1
Ibm Power Hardware Management Console	Version 7r7.3.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (20)

http://secunia.com/advisories/50376

Source: psirt@us.ibm.com

http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617

Source: psirt@us.ibm.com

Vendor Advisory

http://www.ibm.com/support/docview.wss?uid=isg1MB03488

Source: psirt@us.ibm.com

http://www.ibm.com/support/docview.wss?uid=isg1MB03489

Source: psirt@us.ibm.com

http://www.ibm.com/support/docview.wss?uid=isg1MB03494

Source: psirt@us.ibm.com

http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253

Source: psirt@us.ibm.com

http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257

Source: psirt@us.ibm.com

http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258

Source: psirt@us.ibm.com

http://www.securitytracker.com/id?1027433

Source: psirt@us.ibm.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/77288

Source: psirt@us.ibm.com

http://secunia.com/advisories/50376

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.ibm.com/support/docview.wss?uid=isg1MB03488

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ibm.com/support/docview.wss?uid=isg1MB03489

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ibm.com/support/docview.wss?uid=isg1MB03494

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1027433

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/77288

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.