CVE-2012-2172

Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter.

Published: Jun 22, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-2172
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
ibm / ds_storage_manager_host_software	-	10.83.x
ibm / ds_storage_manager_host_software	10.8	10.8.x
ibm / ds_storage_manager_host_software	10.60.x5.14	10.60.x5.14.x
ibm / ds4100	-	-
ibm / ds4100	1724	1724.x
ibm / ds4200	1814	1814.x
ibm / ds4300	1722	1722.x
ibm / ds4400	1742	1742.x
ibm / ds4500	1742	1742.x
ibm / ds4700	1814	1814.x
ibm / ds4800	1815	1815.x
ibm / system_storage_dcs3700_storage_subsystem	1818	1818.x
ibm / system_storage_ds3200	1726	1726.x
ibm / system_storage_ds3300	1726	1726.x
ibm / system_storage_ds3400	1726	1726.x
ibm / system_storage_ds3512	1746	1746.x
ibm / system_storage_ds3524	1746	1746.x
ibm / system_storage_ds3950_express	1814	1814.x
ibm / system_storage_ds5020_disk_controller	1814-20a	1814-20a.x
ibm / system_storage_ds5100_storage_controller	1818	1818.x
ibm / system_storage_ds5300_storage_controller	1818	1818.x

Vulnerability Database

289,871

CVE-2012-2172