CVE-2012-2172

{"id": "CVE-2012-2172", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-06-22T10:24:07.003", "references": [{"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt", "tags": ["Exploit"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75239", "source": "psirt@us.ibm.com"}, {"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75239", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en SoftwareRegistration.do en Storage Manager Profiler en IBM System Storage DS Storage Manager antes de v10.83.xx.18 en dispositivos de la Serie DS, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro updateRegn."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:ds_storage_manager_host_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3019D7A-C9A4-48D9-BAE9-E03ED79A184F", "versionEndIncluding": "10.83"}, {"criteria": "cpe:2.3:a:ibm:ds_storage_manager_host_software:10.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52489840-0CBD-4B10-AA5C-77FBD52D2A24"}, {"criteria": "cpe:2.3:a:ibm:ds_storage_manager_host_software:10.60.x5.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9752934B-9CFD-4233-885A-63F80F0B2766"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:ds4100:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A70E5F14-9F22-4263-B9E2-5CADBCE1BE52"}, {"criteria": "cpe:2.3:h:ibm:ds4100:1724:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE202F3C-2971-492B-9263-4EEEA5762592"}, {"criteria": "cpe:2.3:h:ibm:ds4200:1814:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BC0E7FA-32C0-4C26-AE27-9500E674847B"}, {"criteria": "cpe:2.3:h:ibm:ds4300:1722:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A9D7E15-763E-4443-81DA-94418D5643E1"}, {"criteria": "cpe:2.3:h:ibm:ds4400:1742:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF34B72A-9608-4883-A2A2-629125D163B2"}, {"criteria": "cpe:2.3:h:ibm:ds4500:1742:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03D296A9-E67C-449E-B774-FF20A8333187"}, {"criteria": "cpe:2.3:h:ibm:ds4700:1814:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75BC52EE-EB60-4C18-9987-36CAE56F67D5"}, {"criteria": "cpe:2.3:h:ibm:ds4800:1815:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38291A79-ED22-45ED-80B1-B98F2F92BA66"}, {"criteria": "cpe:2.3:h:ibm:system_storage_dcs3700_storage_subsystem:1818:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BDC1691-A4B4-4AE4-A19C-BA2FDF0C28E7"}, {"criteria": "cpe:2.3:h:ibm:system_storage_ds3200:1726:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B78F6585-8890-477B-AA4F-1A4092DD6F43"}, {"criteria": "cpe:2.3:h:ibm:system_storage_ds3300:1726:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69A41183-73AA-4148-90E8-2D34A70E4A9C"}, {"criteria": "cpe:2.3:h:ibm:system_storage_ds3400:1726:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A509484-6D73-4F0F-B996-94EF58E36010"}, {"criteria": "cpe:2.3:h:ibm:system_storage_ds3512:1746:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48750AB0-08B3-4A60-8102-7BEFB985FB1F"}, {"criteria": "cpe:2.3:h:ibm:system_storage_ds3524:1746:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDF9BE45-D6D6-410E-BABB-A834D33A52A8"}, {"criteria": "cpe:2.3:h:ibm:system_storage_ds3950_express:1814:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA4ABA37-8B79-414F-9510-458DF0C1064C"}, {"criteria": "cpe:2.3:h:ibm:system_storage_ds5020_disk_controller:1814-20a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D7EA1B8-EC32-444B-9485-F6EFE1B6DD20"}, {"criteria": "cpe:2.3:h:ibm:system_storage_ds5100_storage_controller:1818:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "979FD97C-0E37-43C9-AB2F-F79FCE15D135"}, {"criteria": "cpe:2.3:h:ibm:system_storage_ds5300_storage_controller:1818:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BAC221F-B825-418F-BE80-BB7A074E346F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}