Published: 22/06/2012 Updated: 29/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager prior to 10.83.xx.18 on DS Series devices allows remote malicious users to inject arbitrary web script or HTML via the updateRegn parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm ds_storage_manager_host_software 10.60.x5.14
ibm ds_storage_manager_host_software 10.8
ibm ds_storage_manager_host_software
ibm ds4100
ibm system_storage_dcs3700_storage_subsystem 1818
ibm system_storage_ds3200 1726
ibm system_storage_ds5100_storage_controller 1818
ibm system_storage_ds5300_storage_controller 1818
ibm ds4100 1724
ibm ds4200 1814
ibm ds4300 1722
ibm system_storage_ds3300 1726
ibm system_storage_ds3400 1726
ibm ds4400 1742
ibm ds4500 1742
ibm system_storage_ds3512 1746
ibm system_storage_ds3524 1746
ibm ds4700 1814
ibm ds4800 1815
ibm system_storage_ds3950_express 1814
ibm system_storage_ds5020_disk_controller 1814-20a

IBM System Storage DS Storage Manager Profiler Multiple Vulnerabilities Vendor: IBM Corporation Product web page: wwwibmcom Affected version: 486 Summary: Through its extraordinary flexibility, reliability, and performance, the IBM® System Storage® series is designed to manage a broad scope of storage workloads that exist in today ...

IBM System Storage DS Storage Manager Profiler version 486 suffers from cross site scripting and remote SQL injection vulnerabilities ...

CWE-79 http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172 https://exchange.xforce.ibmcloud.com/vulnerabilities/75239 https://nvd.nist.gov https://www.exploit-db.com/exploits/19321/

CVE-2012-2172

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect