Vulnerabilites related to ibm - ds4100
Vulnerability from fkie_nvd
Published
2004-09-04 04:00
Modified
2024-11-20 23:51
Severity ?
Summary
Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| brocade | silkworm | 3200 | |
| brocade | silkworm | 3250 | |
| brocade | silkworm | 3800 | |
| brocade | silkworm | 3850 | |
| brocade | silkworm | 3900 | |
| brocade | silkworm_fiber_channel_switch | 2010 | |
| brocade | silkworm_fiber_channel_switch | 2040 | |
| brocade | silkworm_fiber_channel_switch | 2050 | |
| engenio | storage_controller | 2822 | |
| engenio | storage_controller | 2882 | |
| engenio | storage_controller | 4884 | |
| engenio | storage_controller | 5884 | |
| ibm | ds4100 | * | |
| storagetek | d280 | * | |
| broadcom | fabric_operating_system | 2.1.2 | |
| broadcom | fabric_operating_system | 2.2 | |
| broadcom | fabric_operating_system | 3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:brocade:silkworm:3200:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF1ED4B-1AEF-4EA4-B97E-A959C0FB9BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:brocade:silkworm:3250:*:*:*:*:*:*:*",
"matchCriteriaId": "DC0787B5-F7D2-4F3B-91B7-D63FC8EC93D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:brocade:silkworm:3800:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE6F784-D1CA-4545-B5A4-104904A67CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:brocade:silkworm:3850:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A67E41-67F1-46BC-97F0-04859F188609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:brocade:silkworm:3900:*:*:*:*:*:*:*",
"matchCriteriaId": "FC3F08A6-0928-4654-8AC5-45EA7FB1C397",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:brocade:silkworm_fiber_channel_switch:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "8ABE8C25-072D-4444-9C70-CFBA055603B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:brocade:silkworm_fiber_channel_switch:2040:*:*:*:*:*:*:*",
"matchCriteriaId": "B9DCB605-E91E-4F9A-99FF-82E7FF3DEE61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:brocade:silkworm_fiber_channel_switch:2050:*:*:*:*:*:*:*",
"matchCriteriaId": "260CD57E-6A9D-4507-A3CE-385E6D67AB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:engenio:storage_controller:2822:*:*:*:*:*:*:*",
"matchCriteriaId": "31B1F6AA-6AF8-4D36-9E17-37EA7B8EAAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:engenio:storage_controller:2882:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC140B1-6C03-4DF7-8B3D-BA23BDA91614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:engenio:storage_controller:4884:*:*:*:*:*:*:*",
"matchCriteriaId": "F6F6F87E-31C4-4A6C-81C0-DEB055341C16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:engenio:storage_controller:5884:*:*:*:*:*:*:*",
"matchCriteriaId": "E2BCE31D-1E12-48D5-94DF-A650975A292C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:ds4100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A70E5F14-9F22-4263-B9E2-5CADBCE1BE52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:storagetek:d280:*:*:*:*:*:*:*:*",
"matchCriteriaId": "353AFDAB-9369-4FC2-81EC-1CE5ACB418C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1B419E9E-A92F-4773-B64D-F6A9D595666E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "09357B7C-2D5C-4C4C-A630-92E93A00F366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:broadcom:fabric_operating_system:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48535F1A-DDEA-4225-9592-7890E3CB7F64",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets."
}
],
"id": "CVE-2004-1663",
"lastModified": "2024-11-20T23:51:26.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-09-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109435831811484\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12464"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11108"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109435831811484\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17290"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-22 10:24
Modified
2024-11-21 01:38
Severity ?
Summary
SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | ds_storage_manager_host_software | * | |
| ibm | ds_storage_manager_host_software | 10.8 | |
| ibm | ds_storage_manager_host_software | 10.60.x5.14 | |
| ibm | ds4100 | * | |
| ibm | ds4100 | 1724 | |
| ibm | ds4200 | 1814 | |
| ibm | ds4300 | 1722 | |
| ibm | ds4400 | 1742 | |
| ibm | ds4500 | 1742 | |
| ibm | ds4700 | 1814 | |
| ibm | ds4800 | 1815 | |
| ibm | system_storage_dcs3700_storage_subsystem | 1818 | |
| ibm | system_storage_ds3200 | 1726 | |
| ibm | system_storage_ds3300 | 1726 | |
| ibm | system_storage_ds3400 | 1726 | |
| ibm | system_storage_ds3512 | 1746 | |
| ibm | system_storage_ds3524 | 1746 | |
| ibm | system_storage_ds3950_express | 1814 | |
| ibm | system_storage_ds5020_disk_controller | 1814-20a | |
| ibm | system_storage_ds5100_storage_controller | 1818 | |
| ibm | system_storage_ds5300_storage_controller | 1818 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:ds_storage_manager_host_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3019D7A-C9A4-48D9-BAE9-E03ED79A184F",
"versionEndIncluding": "10.83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:ds_storage_manager_host_software:10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "52489840-0CBD-4B10-AA5C-77FBD52D2A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:ds_storage_manager_host_software:10.60.x5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9752934B-9CFD-4233-885A-63F80F0B2766",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:ds4100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A70E5F14-9F22-4263-B9E2-5CADBCE1BE52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:ds4100:1724:*:*:*:*:*:*:*",
"matchCriteriaId": "CE202F3C-2971-492B-9263-4EEEA5762592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:ds4200:1814:*:*:*:*:*:*:*",
"matchCriteriaId": "5BC0E7FA-32C0-4C26-AE27-9500E674847B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:ds4300:1722:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9D7E15-763E-4443-81DA-94418D5643E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:ds4400:1742:*:*:*:*:*:*:*",
"matchCriteriaId": "CF34B72A-9608-4883-A2A2-629125D163B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:ds4500:1742:*:*:*:*:*:*:*",
"matchCriteriaId": "03D296A9-E67C-449E-B774-FF20A8333187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:ds4700:1814:*:*:*:*:*:*:*",
"matchCriteriaId": "75BC52EE-EB60-4C18-9987-36CAE56F67D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:ds4800:1815:*:*:*:*:*:*:*",
"matchCriteriaId": "38291A79-ED22-45ED-80B1-B98F2F92BA66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_dcs3700_storage_subsystem:1818:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDC1691-A4B4-4AE4-A19C-BA2FDF0C28E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_ds3200:1726:*:*:*:*:*:*:*",
"matchCriteriaId": "B78F6585-8890-477B-AA4F-1A4092DD6F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_ds3300:1726:*:*:*:*:*:*:*",
"matchCriteriaId": "69A41183-73AA-4148-90E8-2D34A70E4A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_ds3400:1726:*:*:*:*:*:*:*",
"matchCriteriaId": "9A509484-6D73-4F0F-B996-94EF58E36010",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_ds3512:1746:*:*:*:*:*:*:*",
"matchCriteriaId": "48750AB0-08B3-4A60-8102-7BEFB985FB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_ds3524:1746:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF9BE45-D6D6-410E-BABB-A834D33A52A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_ds3950_express:1814:*:*:*:*:*:*:*",
"matchCriteriaId": "CA4ABA37-8B79-414F-9510-458DF0C1064C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_ds5020_disk_controller:1814-20a:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7EA1B8-EC32-444B-9485-F6EFE1B6DD20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_ds5100_storage_controller:1818:*:*:*:*:*:*:*",
"matchCriteriaId": "979FD97C-0E37-43C9-AB2F-F79FCE15D135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_ds5300_storage_controller:1818:*:*:*:*:*:*:*",
"matchCriteriaId": "3BAC221F-B825-418F-BE80-BB7A074E346F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en ModuleServlet.do en Storage Manager Profiler in IBM System Storage DS Storage Manager antes de v10.83.xx.18 de dispositivos de la Serie DS, permite a usuarios remotos autenticados ejecutar comandos SQL a trav\u00e9s del par\u00e1metro selectedModuleOnly en una acci\u00f3n state_viewmodulelog a la URI ModuleServlet."
}
],
"id": "CVE-2012-2171",
"lastModified": "2024-11-21T01:38:38.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-22T10:24:06.957",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
},
{
"source": "psirt@us.ibm.com",
"url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75236"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-22 10:24
Modified
2024-11-21 01:38
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | ds_storage_manager_host_software | * | |
| ibm | ds_storage_manager_host_software | 10.8 | |
| ibm | ds_storage_manager_host_software | 10.60.x5.14 | |
| ibm | ds4100 | * | |
| ibm | ds4100 | 1724 | |
| ibm | ds4200 | 1814 | |
| ibm | ds4300 | 1722 | |
| ibm | ds4400 | 1742 | |
| ibm | ds4500 | 1742 | |
| ibm | ds4700 | 1814 | |
| ibm | ds4800 | 1815 | |
| ibm | system_storage_dcs3700_storage_subsystem | 1818 | |
| ibm | system_storage_ds3200 | 1726 | |
| ibm | system_storage_ds3300 | 1726 | |
| ibm | system_storage_ds3400 | 1726 | |
| ibm | system_storage_ds3512 | 1746 | |
| ibm | system_storage_ds3524 | 1746 | |
| ibm | system_storage_ds3950_express | 1814 | |
| ibm | system_storage_ds5020_disk_controller | 1814-20a | |
| ibm | system_storage_ds5100_storage_controller | 1818 | |
| ibm | system_storage_ds5300_storage_controller | 1818 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:ds_storage_manager_host_software:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3019D7A-C9A4-48D9-BAE9-E03ED79A184F",
"versionEndIncluding": "10.83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:ds_storage_manager_host_software:10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "52489840-0CBD-4B10-AA5C-77FBD52D2A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:ds_storage_manager_host_software:10.60.x5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "9752934B-9CFD-4233-885A-63F80F0B2766",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ibm:ds4100:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A70E5F14-9F22-4263-B9E2-5CADBCE1BE52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:ds4100:1724:*:*:*:*:*:*:*",
"matchCriteriaId": "CE202F3C-2971-492B-9263-4EEEA5762592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:ds4200:1814:*:*:*:*:*:*:*",
"matchCriteriaId": "5BC0E7FA-32C0-4C26-AE27-9500E674847B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:ds4300:1722:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9D7E15-763E-4443-81DA-94418D5643E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:ds4400:1742:*:*:*:*:*:*:*",
"matchCriteriaId": "CF34B72A-9608-4883-A2A2-629125D163B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:ds4500:1742:*:*:*:*:*:*:*",
"matchCriteriaId": "03D296A9-E67C-449E-B774-FF20A8333187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:ds4700:1814:*:*:*:*:*:*:*",
"matchCriteriaId": "75BC52EE-EB60-4C18-9987-36CAE56F67D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:ds4800:1815:*:*:*:*:*:*:*",
"matchCriteriaId": "38291A79-ED22-45ED-80B1-B98F2F92BA66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_dcs3700_storage_subsystem:1818:*:*:*:*:*:*:*",
"matchCriteriaId": "8BDC1691-A4B4-4AE4-A19C-BA2FDF0C28E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_ds3200:1726:*:*:*:*:*:*:*",
"matchCriteriaId": "B78F6585-8890-477B-AA4F-1A4092DD6F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_ds3300:1726:*:*:*:*:*:*:*",
"matchCriteriaId": "69A41183-73AA-4148-90E8-2D34A70E4A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_ds3400:1726:*:*:*:*:*:*:*",
"matchCriteriaId": "9A509484-6D73-4F0F-B996-94EF58E36010",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_ds3512:1746:*:*:*:*:*:*:*",
"matchCriteriaId": "48750AB0-08B3-4A60-8102-7BEFB985FB1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_ds3524:1746:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF9BE45-D6D6-410E-BABB-A834D33A52A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_ds3950_express:1814:*:*:*:*:*:*:*",
"matchCriteriaId": "CA4ABA37-8B79-414F-9510-458DF0C1064C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_ds5020_disk_controller:1814-20a:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7EA1B8-EC32-444B-9485-F6EFE1B6DD20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_ds5100_storage_controller:1818:*:*:*:*:*:*:*",
"matchCriteriaId": "979FD97C-0E37-43C9-AB2F-F79FCE15D135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:ibm:system_storage_ds5300_storage_controller:1818:*:*:*:*:*:*:*",
"matchCriteriaId": "3BAC221F-B825-418F-BE80-BB7A074E346F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en SoftwareRegistration.do en Storage Manager Profiler en IBM System Storage DS Storage Manager antes de v10.83.xx.18 en dispositivos de la Serie DS, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro updateRegn."
}
],
"id": "CVE-2012-2172",
"lastModified": "2024-11-21T01:38:38.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-06-22T10:24:07.003",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Exploit"
],
"url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75239"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-200409-0059
Vulnerability from variot
Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets. It is reported that hardware based on Engenio Storage Controllers are prone to a remote denial of service vulnerability. This could also result reportedly result in unrecoverable corruption of data. Affected hardware includes Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches. Other devices may be affected such as other Storagetek and IBM FastT storage controllers, SGI, and Teradata storage controllers though this has not confirmed. The problem may exist in the underlying vxWorks operating system though this has also not been confirmed
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200409-0059",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "silkworm fiber channel switch",
"scope": "eq",
"trust": 1.9,
"vendor": "brocade",
"version": "2050"
},
{
"model": "silkworm fiber channel switch",
"scope": "eq",
"trust": 1.9,
"vendor": "brocade",
"version": "2040"
},
{
"model": "silkworm fiber channel switch",
"scope": "eq",
"trust": 1.9,
"vendor": "brocade",
"version": "2010"
},
{
"model": "silkworm",
"scope": "eq",
"trust": 1.9,
"vendor": "brocade",
"version": "3900"
},
{
"model": "silkworm",
"scope": "eq",
"trust": 1.9,
"vendor": "brocade",
"version": "3850"
},
{
"model": "silkworm",
"scope": "eq",
"trust": 1.9,
"vendor": "brocade",
"version": "3800"
},
{
"model": "silkworm",
"scope": "eq",
"trust": 1.9,
"vendor": "brocade",
"version": "3250"
},
{
"model": "silkworm",
"scope": "eq",
"trust": 1.9,
"vendor": "brocade",
"version": "3200"
},
{
"model": "storage controller",
"scope": "eq",
"trust": 1.3,
"vendor": "engenio",
"version": "5884"
},
{
"model": "storage controller",
"scope": "eq",
"trust": 1.3,
"vendor": "engenio",
"version": "4884"
},
{
"model": "storage controller",
"scope": "eq",
"trust": 1.3,
"vendor": "engenio",
"version": "2882"
},
{
"model": "storage controller",
"scope": "eq",
"trust": 1.3,
"vendor": "engenio",
"version": "2822"
},
{
"model": "fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2.1.2"
},
{
"model": "fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2.2"
},
{
"model": "fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.1"
},
{
"model": "d280",
"scope": "eq",
"trust": 1.0,
"vendor": "storagetek",
"version": "*"
},
{
"model": "ds4100",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "*"
},
{
"model": "d280",
"scope": null,
"trust": 0.3,
"vendor": "storagetek",
"version": null
},
{
"model": "ds4100",
"scope": null,
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "fabric os",
"scope": "eq",
"trust": 0.3,
"vendor": "brocade",
"version": "3.1"
},
{
"model": "fabric os",
"scope": "eq",
"trust": 0.3,
"vendor": "brocade",
"version": "2.2"
},
{
"model": "fabric os",
"scope": "eq",
"trust": 0.3,
"vendor": "brocade",
"version": "2.1.2"
}
],
"sources": [
{
"db": "BID",
"id": "11108"
},
{
"db": "NVD",
"id": "CVE-2004-1663"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-010"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:brocade:silkworm:3200:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:brocade:silkworm:3250:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:engenio:storage_controller:2882:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:engenio:storage_controller:4884:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:brocade:silkworm_fiber_channel_switch:2040:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:brocade:silkworm_fiber_channel_switch:2050:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:engenio:storage_controller:2822:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:broadcom:fabric_operating_system:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:broadcom:fabric_operating_system:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:brocade:silkworm:3900:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:brocade:silkworm_fiber_channel_switch:2010:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:storagetek:d280:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:broadcom:fabric_operating_system:2.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:brocade:silkworm:3800:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:brocade:silkworm:3850:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:engenio:storage_controller:5884:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:ibm:ds4100:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1663"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery is credited to Frank Denis.",
"sources": [
{
"db": "BID",
"id": "11108"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-010"
}
],
"trust": 0.9
},
"cve": "CVE-2004-1663",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-10093",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-1663",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200409-010",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-10093",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10093"
},
{
"db": "NVD",
"id": "CVE-2004-1663"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-010"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets. It is reported that hardware based on Engenio Storage Controllers are prone to a remote denial of service vulnerability. This could also result reportedly result in unrecoverable corruption of data. \nAffected hardware includes Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches. Other devices may be affected such as other Storagetek and IBM FastT storage controllers, SGI, and Teradata storage controllers though this has not confirmed. The problem may exist in the underlying vxWorks operating system though this has also not been confirmed",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1663"
},
{
"db": "BID",
"id": "11108"
},
{
"db": "VULHUB",
"id": "VHN-10093"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "11108",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2004-1663",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "12464",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200409-010",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-10093",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10093"
},
{
"db": "BID",
"id": "11108"
},
{
"db": "NVD",
"id": "CVE-2004-1663"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-010"
}
]
},
"id": "VAR-200409-0059",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-10093"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:21:14.643000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1663"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/11108"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/12464"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17290"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=109435831811484\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.storagetek.com/products/category_page2004.html"
},
{
"trust": 0.3,
"url": "http://www.engenio.com/"
},
{
"trust": 0.3,
"url": "http://www.storage.ibm.com/disk/fastt/"
},
{
"trust": 0.3,
"url": "/archive/1/374246"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=109435831811484\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10093"
},
{
"db": "BID",
"id": "11108"
},
{
"db": "NVD",
"id": "CVE-2004-1663"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-010"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-10093"
},
{
"db": "BID",
"id": "11108"
},
{
"db": "NVD",
"id": "CVE-2004-1663"
},
{
"db": "CNNVD",
"id": "CNNVD-200409-010"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-09-04T00:00:00",
"db": "VULHUB",
"id": "VHN-10093"
},
{
"date": "2004-09-04T00:00:00",
"db": "BID",
"id": "11108"
},
{
"date": "2004-09-04T04:00:00",
"db": "NVD",
"id": "CVE-2004-1663"
},
{
"date": "2004-09-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200409-010"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-10093"
},
{
"date": "2004-09-04T00:00:00",
"db": "BID",
"id": "11108"
},
{
"date": "2021-06-22T15:19:34.840000",
"db": "NVD",
"id": "CVE-2004-1663"
},
{
"date": "2021-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200409-010"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200409-010"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LSI Logic storage controllers Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200409-010"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200409-010"
}
],
"trust": 0.6
}
}
cve-2012-2171
Vulnerability from cvelistv5
Published
2012-06-22 10:00
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75236 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
},
{
"name": "ssds-smp-sql-injection(75236)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75236"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
},
{
"name": "ssds-smp-sql-injection(75236)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75236"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
},
{
"name": "ssds-smp-sql-injection(75236)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75236"
},
{
"name": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-2171",
"datePublished": "2012-06-22T10:00:00",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:26:08.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1663
Vulnerability from cvelistv5
Published
2005-02-20 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/12464 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/11108 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=109435831811484&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17290 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12464"
},
{
"name": "11108",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11108"
},
{
"name": "20040904 Engenio/LSI Logic controllers denial of service/data corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109435831811484\u0026w=2"
},
{
"name": "engenio-controller-tcp-dos(17290)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17290"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12464"
},
{
"name": "11108",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11108"
},
{
"name": "20040904 Engenio/LSI Logic controllers denial of service/data corruption",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109435831811484\u0026w=2"
},
{
"name": "engenio-controller-tcp-dos(17290)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17290"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12464"
},
{
"name": "11108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11108"
},
{
"name": "20040904 Engenio/LSI Logic controllers denial of service/data corruption",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109435831811484\u0026w=2"
},
{
"name": "engenio-controller-tcp-dos(17290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17290"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1663",
"datePublished": "2005-02-20T05:00:00",
"dateReserved": "2005-02-21T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2172
Vulnerability from cvelistv5
Published
2012-06-22 10:00
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/75239 | vdb-entry, x_refsource_XF | |
| http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
},
{
"name": "ssds-multiple-mp-xss(75239)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75239"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
},
{
"name": "ssds-multiple-mp-xss(75239)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75239"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
},
{
"name": "ssds-multiple-mp-xss(75239)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75239"
},
{
"name": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-2172",
"datePublished": "2012-06-22T10:00:00",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:26:08.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}