4.3
CVE-2012-2172
- EPSS 4.26%
- Veröffentlicht 22.06.2012 10:24:07
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle psirt@us.ibm.com
- Teams Watchlist Login
- Unerledigt Login
Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Ds Storage Manager Host Software Version <= 10.83
Ibm ≫ Ds Storage Manager Host Software Version10.8
Ibm ≫ Ds Storage Manager Host Software Version10.60.x5.14
Ibm ≫ System Storage Dcs3700 Storage Subsystem Version1818
Ibm ≫ System Storage Ds3200 Version1726
Ibm ≫ System Storage Ds3300 Version1726
Ibm ≫ System Storage Ds3400 Version1726
Ibm ≫ System Storage Ds3512 Version1746
Ibm ≫ System Storage Ds3524 Version1746
Ibm ≫ System Storage Ds3950 Express Version1814
Ibm ≫ System Storage Ds5020 Disk Controller Version1814-20a
Ibm ≫ System Storage Ds5100 Storage Controller Version1818
Ibm ≫ System Storage Ds5300 Storage Controller Version1818
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.26% | 0.877 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.