CVE-2012-2172
Summary
| CVE | CVE-2012-2172 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-06-22 10:24:00 UTC |
| Updated | 2017-08-29 01:31:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Ibm | Ds4100 | All | All | All | All |
| Hardware | Ibm | Ds4100 | 1724 | All | All | All |
| Hardware | Ibm | Ds4100 | All | All | All | All |
| Hardware | Ibm | Ds4100 | 1724 | All | All | All |
| Hardware | Ibm | Ds4200 | 1814 | All | All | All |
| Hardware | Ibm | Ds4200 | 1814 | All | All | All |
| Hardware | Ibm | Ds4300 | 1722 | All | All | All |
| Hardware | Ibm | Ds4300 | 1722 | All | All | All |
| Hardware | Ibm | Ds4400 | 1742 | All | All | All |
| Hardware | Ibm | Ds4400 | 1742 | All | All | All |
| Hardware | Ibm | Ds4500 | 1742 | All | All | All |
| Hardware | Ibm | Ds4500 | 1742 | All | All | All |
| Hardware | Ibm | Ds4700 | 1814 | All | All | All |
| Hardware | Ibm | Ds4700 | 1814 | All | All | All |
| Hardware | Ibm | Ds4800 | 1815 | All | All | All |
| Hardware | Ibm | Ds4800 | 1815 | All | All | All |
| Application | Ibm | Ds Storage Manager Host Software | 10.60.x5.14 | All | All | All |
| Application | Ibm | Ds Storage Manager Host Software | 10.8 | All | All | All |
| Application | Ibm | Ds Storage Manager Host Software | 10.60.x5.14 | All | All | All |
| Application | Ibm | Ds Storage Manager Host Software | 10.8 | All | All | All |
| Application | Ibm | Ds Storage Manager Host Software | All | All | All | All |
| Hardware | Ibm | System Storage Dcs3700 Storage Subsystem | 1818 | All | All | All |
| Hardware | Ibm | System Storage Dcs3700 Storage Subsystem | 1818 | All | All | All |
| Hardware | Ibm | System Storage Ds3200 | 1726 | All | All | All |
| Hardware | Ibm | System Storage Ds3200 | 1726 | All | All | All |
| Hardware | Ibm | System Storage Ds3300 | 1726 | All | All | All |
| Hardware | Ibm | System Storage Ds3300 | 1726 | All | All | All |
| Hardware | Ibm | System Storage Ds3400 | 1726 | All | All | All |
| Hardware | Ibm | System Storage Ds3400 | 1726 | All | All | All |
| Hardware | Ibm | System Storage Ds3512 | 1746 | All | All | All |
| Hardware | Ibm | System Storage Ds3512 | 1746 | All | All | All |
| Hardware | Ibm | System Storage Ds3524 | 1746 | All | All | All |
| Hardware | Ibm | System Storage Ds3524 | 1746 | All | All | All |
| Hardware | Ibm | System Storage Ds3950 Express | 1814 | All | All | All |
| Hardware | Ibm | System Storage Ds3950 Express | 1814 | All | All | All |
| Hardware | Ibm | System Storage Ds5020 Disk Controller | 1814-20a | All | All | All |
| Hardware | Ibm | System Storage Ds5020 Disk Controller | 1814-20a | All | All | All |
| Hardware | Ibm | System Storage Ds5100 Storage Controller | 1818 | All | All | All |
| Hardware | Ibm | System Storage Ds5100 Storage Controller | 1818 | All | All | All |
| Hardware | Ibm | System Storage Ds5300 Storage Controller | 1818 | All | All | All |
| Hardware | Ibm | System Storage Ds5300 Storage Controller | 1818 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| IBM Blogs | CONFIRM | www.ibm.com | Vendor Advisory |
| www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt | MISC | www.zeroscience.mk | Exploit |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.