CVE-2012-3296
Summary
| CVE | CVE-2012-3296 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-08-17 20:55:00 UTC |
| Updated | 2017-08-29 01:31:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ibm | Power Hardware Management Console | 7r7.1.0 | All | All | All |
| Application | Ibm | Power Hardware Management Console | 7r7.1.0 | sp0 | All | All |
| Application | Ibm | Power Hardware Management Console | 7r7.1.0 | sp1 | All | All |
| Application | Ibm | Power Hardware Management Console | 7r7.1.0 | sp2 | All | All |
| Application | Ibm | Power Hardware Management Console | 7r7.1.0 | sp3 | All | All |
| Application | Ibm | Power Hardware Management Console | 7r7.2.0 | All | All | All |
| Application | Ibm | Power Hardware Management Console | 7r7.2.0 | sp0 | All | All |
| Application | Ibm | Power Hardware Management Console | 7r7.2.0 | sp1 | All | All |
| Application | Ibm | Power Hardware Management Console | 7r7.3.0 | All | All | All |
| Application | Ibm | Power Hardware Management Console | 7r7.1.0 | All | All | All |
| Application | Ibm | Power Hardware Management Console | 7r7.1.0 | sp0 | All | All |
| Application | Ibm | Power Hardware Management Console | 7r7.1.0 | sp1 | All | All |
| Application | Ibm | Power Hardware Management Console | 7r7.1.0 | sp2 | All | All |
| Application | Ibm | Power Hardware Management Console | 7r7.1.0 | sp3 | All | All |
| Application | Ibm | Power Hardware Management Console | 7r7.2.0 | All | All | All |
| Application | Ibm | Power Hardware Management Console | 7r7.2.0 | sp0 | All | All |
| Application | Ibm | Power Hardware Management Console | 7r7.2.0 | sp1 | All | All |
| Application | Ibm | Power Hardware Management Console | 7r7.3.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM notice: The page you requested cannot be displayed | AIXAPAR | www.ibm.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| IBM Support: Fix Central | CONFIRM | www.ibm.com | |
| IBM Hardware Management Console Input Validation Hole in Login Panel Help Link Permits Cross-Site Scripting Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | |
| IBM notice: The page you requested cannot be displayed | AIXAPAR | www.ibm.com | |
| IBM Support: Fix Central | CONFIRM | www.ibm.com | |
| Security Advisory SA50376 - IBM HMC Login Panel Cross-Site Scripting Vulnerability - Secunia | SECUNIA | secunia.com | |
| IBM Blogs | CONFIRM | www.ibm.com | Vendor Advisory |
| IBM notice: The page you requested cannot be displayed | AIXAPAR | www.ibm.com | |
| IBM Support: Fix Central | CONFIRM | www.ibm.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.