4.3
CVE-2012-3296
- EPSS 1.65%
- Veröffentlicht 17.08.2012 20:55:04
- Zuletzt bearbeitet 16.06.2026 23:42:57
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Power Hardware Management Console Version7r7.1.0
Ibm ≫ Power Hardware Management Console Version7r7.1.0 Updatesp0
Ibm ≫ Power Hardware Management Console Version7r7.1.0 Updatesp1
Ibm ≫ Power Hardware Management Console Version7r7.1.0 Updatesp2
Ibm ≫ Power Hardware Management Console Version7r7.1.0 Updatesp3
Ibm ≫ Power Hardware Management Console Version7r7.2.0
Ibm ≫ Power Hardware Management Console Version7r7.2.0 Updatesp0
Ibm ≫ Power Hardware Management Console Version7r7.2.0 Updatesp1
Ibm ≫ Power Hardware Management Console Version7r7.3.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.65% | 0.734 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://secunia.com/advisories/50376
http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617
http://www.ibm.com/support/docview.wss?uid=isg1MB03488
http://www.ibm.com/support/docview.wss?uid=isg1MB03489
http://www.ibm.com/support/docview.wss?uid=isg1MB03494
http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253
http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257
http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258
http://www.securitytracker.com/id?1027433
https://exchange.xforce.ibmcloud.com/vulnerabilities/77288