CVE-2012-2171
Summary
| CVE | CVE-2012-2171 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-06-22 10:24:00 UTC |
| Updated | 2017-08-29 01:31:00 UTC |
| Description | SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Ibm | Ds4100 | All | All | All | All |
| Hardware | Ibm | Ds4100 | 1724 | All | All | All |
| Hardware | Ibm | Ds4100 | All | All | All | All |
| Hardware | Ibm | Ds4100 | 1724 | All | All | All |
| Hardware | Ibm | Ds4200 | 1814 | All | All | All |
| Hardware | Ibm | Ds4200 | 1814 | All | All | All |
| Hardware | Ibm | Ds4300 | 1722 | All | All | All |
| Hardware | Ibm | Ds4300 | 1722 | All | All | All |
| Hardware | Ibm | Ds4400 | 1742 | All | All | All |
| Hardware | Ibm | Ds4400 | 1742 | All | All | All |
| Hardware | Ibm | Ds4500 | 1742 | All | All | All |
| Hardware | Ibm | Ds4500 | 1742 | All | All | All |
| Hardware | Ibm | Ds4700 | 1814 | All | All | All |
| Hardware | Ibm | Ds4700 | 1814 | All | All | All |
| Hardware | Ibm | Ds4800 | 1815 | All | All | All |
| Hardware | Ibm | Ds4800 | 1815 | All | All | All |
| Application | Ibm | Ds Storage Manager Host Software | 10.60.x5.14 | All | All | All |
| Application | Ibm | Ds Storage Manager Host Software | 10.8 | All | All | All |
| Application | Ibm | Ds Storage Manager Host Software | 10.60.x5.14 | All | All | All |
| Application | Ibm | Ds Storage Manager Host Software | 10.8 | All | All | All |
| Application | Ibm | Ds Storage Manager Host Software | All | All | All | All |
| Hardware | Ibm | System Storage Dcs3700 Storage Subsystem | 1818 | All | All | All |
| Hardware | Ibm | System Storage Dcs3700 Storage Subsystem | 1818 | All | All | All |
| Hardware | Ibm | System Storage Ds3200 | 1726 | All | All | All |
| Hardware | Ibm | System Storage Ds3200 | 1726 | All | All | All |
| Hardware | Ibm | System Storage Ds3300 | 1726 | All | All | All |
| Hardware | Ibm | System Storage Ds3300 | 1726 | All | All | All |
| Hardware | Ibm | System Storage Ds3400 | 1726 | All | All | All |
| Hardware | Ibm | System Storage Ds3400 | 1726 | All | All | All |
| Hardware | Ibm | System Storage Ds3512 | 1746 | All | All | All |
| Hardware | Ibm | System Storage Ds3512 | 1746 | All | All | All |
| Hardware | Ibm | System Storage Ds3524 | 1746 | All | All | All |
| Hardware | Ibm | System Storage Ds3524 | 1746 | All | All | All |
| Hardware | Ibm | System Storage Ds3950 Express | 1814 | All | All | All |
| Hardware | Ibm | System Storage Ds3950 Express | 1814 | All | All | All |
| Hardware | Ibm | System Storage Ds5020 Disk Controller | 1814-20a | All | All | All |
| Hardware | Ibm | System Storage Ds5020 Disk Controller | 1814-20a | All | All | All |
| Hardware | Ibm | System Storage Ds5100 Storage Controller | 1818 | All | All | All |
| Hardware | Ibm | System Storage Ds5100 Storage Controller | 1818 | All | All | All |
| Hardware | Ibm | System Storage Ds5300 Storage Controller | 1818 | All | All | All |
| Hardware | Ibm | System Storage Ds5300 Storage Controller | 1818 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM Blogs | CONFIRM | www.ibm.com | Vendor Advisory |
| www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt | MISC | www.zeroscience.mk | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.