Vulnerability Monitor

CVE-2012-2172


Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter.


Published

2012-06-22T10:24:07.003

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

  • Type: Primary
    CWE-79

Affected Vendors & Products

Type         Vendor  Product                                   Version/Range  Vulnerable?
Application  ibm     ds_storage_manager_host_software          ≤ 10.83        Yes
Application  ibm     ds_storage_manager_host_software          10.8           Yes
Application  ibm     ds_storage_manager_host_software          10.60.x5.14    Yes
Hardware     ibm     ds4100                                    *              Yes
Hardware     ibm     ds4100                                    1724           Yes
Hardware     ibm     ds4200                                    1814           Yes
Hardware     ibm     ds4300                                    1722           Yes
Hardware     ibm     ds4400                                    1742           Yes
Hardware     ibm     ds4500                                    1742           Yes
Hardware     ibm     ds4700                                    1814           Yes
Hardware     ibm     ds4800                                    1815           Yes
Hardware     ibm     system_storage_dcs3700_storage_subsystem  1818           Yes
Hardware     ibm     system_storage_ds3200                     1726           Yes
Hardware     ibm     system_storage_ds3300                     1726           Yes
Hardware     ibm     system_storage_ds3400                     1726           Yes
Hardware     ibm     system_storage_ds3512                     1746           Yes
Hardware     ibm     system_storage_ds3524                     1746           Yes
Hardware     ibm     system_storage_ds3950_express             1814           Yes
Hardware     ibm     system_storage_ds5020_disk_controller     1814-20a       Yes
Hardware     ibm     system_storage_ds5100_storage_controller  1818           Yes
Hardware     ibm     system_storage_ds5300_storage_controller  1818           Yes