cvelistv5 - CVE-2012-2171

CVE-2012-2171 (GCVE-0-2012-2171)

Vulnerability from cvelistv5 – Published: 2012-06-22 10:00 – Updated: 2024-08-06 19:26

Summary

SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.

Severity ?

No CVSS data available.

CWE

Assigner

ibm

References

URL

Tags

	http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.ibm.com/connections/blogs/PSIRT/entry/…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:08.463Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
          },
          {
            "name": "ssds-smp-sql-injection(75236)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75236"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-06-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
        },
        {
          "name": "ssds-smp-sql-injection(75236)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75236"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-2171",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt",
              "refsource": "MISC",
              "url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
            },
            {
              "name": "ssds-smp-sql-injection(75236)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75236"
            },
            {
              "name": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-2171",
    "datePublished": "2012-06-22T10:00:00",
    "dateReserved": "2012-04-04T00:00:00",
    "dateUpdated": "2024-08-06T19:26:08.463Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:ds_storage_manager_host_software:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.83\", \"matchCriteriaId\": \"C3019D7A-C9A4-48D9-BAE9-E03ED79A184F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:ds_storage_manager_host_software:10.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52489840-0CBD-4B10-AA5C-77FBD52D2A24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:ds_storage_manager_host_software:10.60.x5.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9752934B-9CFD-4233-885A-63F80F0B2766\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:ds4100:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A70E5F14-9F22-4263-B9E2-5CADBCE1BE52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:ds4100:1724:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE202F3C-2971-492B-9263-4EEEA5762592\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:ds4200:1814:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BC0E7FA-32C0-4C26-AE27-9500E674847B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:ds4300:1722:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A9D7E15-763E-4443-81DA-94418D5643E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:ds4400:1742:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF34B72A-9608-4883-A2A2-629125D163B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:ds4500:1742:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03D296A9-E67C-449E-B774-FF20A8333187\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:ds4700:1814:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75BC52EE-EB60-4C18-9987-36CAE56F67D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:ds4800:1815:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38291A79-ED22-45ED-80B1-B98F2F92BA66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:system_storage_dcs3700_storage_subsystem:1818:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BDC1691-A4B4-4AE4-A19C-BA2FDF0C28E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:system_storage_ds3200:1726:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B78F6585-8890-477B-AA4F-1A4092DD6F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:system_storage_ds3300:1726:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69A41183-73AA-4148-90E8-2D34A70E4A9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:system_storage_ds3400:1726:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A509484-6D73-4F0F-B996-94EF58E36010\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:system_storage_ds3512:1746:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48750AB0-08B3-4A60-8102-7BEFB985FB1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:system_storage_ds3524:1746:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDF9BE45-D6D6-410E-BABB-A834D33A52A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:system_storage_ds3950_express:1814:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA4ABA37-8B79-414F-9510-458DF0C1064C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:system_storage_ds5020_disk_controller:1814-20a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D7EA1B8-EC32-444B-9485-F6EFE1B6DD20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:system_storage_ds5100_storage_controller:1818:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"979FD97C-0E37-43C9-AB2F-F79FCE15D135\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:ibm:system_storage_ds5300_storage_controller:1818:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BAC221F-B825-418F-BE80-BB7A074E346F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de inyecci\\u00f3n SQL en ModuleServlet.do en Storage Manager Profiler in IBM System Storage DS Storage Manager antes de v10.83.xx.18 de dispositivos de la Serie DS, permite a usuarios remotos autenticados ejecutar comandos SQL a trav\\u00e9s del par\\u00e1metro selectedModuleOnly en una acci\\u00f3n state_viewmodulelog a la URI ModuleServlet.\"}]",
      "id": "CVE-2012-2171",
      "lastModified": "2024-11-21T01:38:38.650",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2012-06-22T10:24:06.957",
      "references": "[{\"url\": \"http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt\", \"source\": \"psirt@us.ibm.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/75236\", \"source\": \"psirt@us.ibm.com\"}, {\"url\": \"http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/75236\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "psirt@us.ibm.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-2171\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2012-06-22T10:24:06.957\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n SQL en ModuleServlet.do en Storage Manager Profiler in IBM System Storage DS Storage Manager antes de v10.83.xx.18 de dispositivos de la Serie DS, permite a usuarios remotos autenticados ejecutar comandos SQL a trav\u00e9s del par\u00e1metro selectedModuleOnly en una acci\u00f3n state_viewmodulelog a la URI ModuleServlet.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:ds_storage_manager_host_software:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.83\",\"matchCriteriaId\":\"C3019D7A-C9A4-48D9-BAE9-E03ED79A184F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:ds_storage_manager_host_software:10.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52489840-0CBD-4B10-AA5C-77FBD52D2A24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:ds_storage_manager_host_software:10.60.x5.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9752934B-9CFD-4233-885A-63F80F0B2766\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:ds4100:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A70E5F14-9F22-4263-B9E2-5CADBCE1BE52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:ds4100:1724:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE202F3C-2971-492B-9263-4EEEA5762592\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:ds4200:1814:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BC0E7FA-32C0-4C26-AE27-9500E674847B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:ds4300:1722:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A9D7E15-763E-4443-81DA-94418D5643E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:ds4400:1742:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF34B72A-9608-4883-A2A2-629125D163B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:ds4500:1742:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03D296A9-E67C-449E-B774-FF20A8333187\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:ds4700:1814:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75BC52EE-EB60-4C18-9987-36CAE56F67D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:ds4800:1815:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38291A79-ED22-45ED-80B1-B98F2F92BA66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:system_storage_dcs3700_storage_subsystem:1818:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BDC1691-A4B4-4AE4-A19C-BA2FDF0C28E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:system_storage_ds3200:1726:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B78F6585-8890-477B-AA4F-1A4092DD6F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:system_storage_ds3300:1726:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69A41183-73AA-4148-90E8-2D34A70E4A9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:system_storage_ds3400:1726:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A509484-6D73-4F0F-B996-94EF58E36010\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:system_storage_ds3512:1746:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48750AB0-08B3-4A60-8102-7BEFB985FB1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:system_storage_ds3524:1746:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDF9BE45-D6D6-410E-BABB-A834D33A52A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:system_storage_ds3950_express:1814:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA4ABA37-8B79-414F-9510-458DF0C1064C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:system_storage_ds5020_disk_controller:1814-20a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D7EA1B8-EC32-444B-9485-F6EFE1B6DD20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:system_storage_ds5100_storage_controller:1818:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"979FD97C-0E37-43C9-AB2F-F79FCE15D135\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:ibm:system_storage_ds5300_storage_controller:1818:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BAC221F-B825-418F-BE80-BB7A074E346F\"}]}]}],\"references\":[{\"url\":\"http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/75236\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/75236\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2012-2171

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-2171

Aliases

CVE-2012-2171

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-2171",
    "description": "SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.",
    "id": "GSD-2012-2171",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2012-2171"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-2171"
      ],
      "details": "SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.",
      "id": "GSD-2012-2171",
      "modified": "2023-12-13T01:20:16.814690Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@us.ibm.com",
        "ID": "CVE-2012-2171",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt",
            "refsource": "MISC",
            "url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
          },
          {
            "name": "ssds-smp-sql-injection(75236)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75236"
          },
          {
            "name": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172",
            "refsource": "CONFIRM",
            "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:ds_storage_manager_host_software:10.60.x5.14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:ds_storage_manager_host_software:10.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ibm:ds_storage_manager_host_software:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.83",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:ds4100:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:ds4100:1724:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:ds4200:1814:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:system_storage_ds3200:1726:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:system_storage_ds3300:1726:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:system_storage_ds5300_storage_controller:1818:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:ds4300:1722:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:ds4400:1742:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:system_storage_ds3400:1726:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:system_storage_ds3512:1746:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:ds4500:1742:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:ds4700:1814:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:system_storage_ds3524:1746:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:system_storage_ds3950_express:1814:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:ds4800:1815:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:system_storage_dcs3700_storage_subsystem:1818:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:system_storage_ds5020_disk_controller:1814-20a:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:ibm:system_storage_ds5100_storage_controller:1818:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-2171"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
            },
            {
              "name": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
            },
            {
              "name": "ssds-smp-sql-injection(75236)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75236"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:31Z",
      "publishedDate": "2012-06-22T10:24Z"
    }
  }
}

CERTA-2012-AVI-349

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilité ont été corrigées par IBM pour les produits Storage Server. La première (CVE-2012-2171) permet à un utilisateur malveillant d'injecter et d'exécuter du code SQL arbitraire à distance. La seconde (CVE-2012-2172) permet à un attaquant de réaliser de l'injection de code indirecte à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM System Storage DS3524, type 1746 ;
IBM	N/A	IBM System Storage DS3400, type 1726 ;
IBM	N/A	IBM System Storage DS5020 Disk Controller (1814-20A) ;
IBM	N/A	IBM System Storage DS3512, type 1746 ;
IBM	N/A	DS4800 Storage Server, type 1814 ;
IBM	N/A	DS4200 Storage Server, type 1814 ;
IBM	N/A	DS4400 (FAStT700) Storage Server, type 1742 ;
IBM	N/A	IBM System Storage DS5100 Storage Controller, type 1818 ;
IBM	N/A	IBM System Storage DS3950 Express, type 1814 ;
IBM	N/A	IBM System Storage DS3300, type 1726 ;
IBM	N/A	DS4700 Storage Server, type 1814 ( alimentations DC );
IBM	N/A	DS4500 (FAStT900) Storage Server, type 1742 ;
IBM	N/A	DS4700 Storage Server, type 1814 ;
IBM	N/A	DS4300 (FAStT600) Dual-Controller et Turbo Storage Server, type 1722 ;
IBM	N/A	IBM System Storage DS3200, type 1726 ;
IBM	N/A	IBM System Storage DS5300 Storage Controller, type 1818.
IBM	N/A	DS4100 (FAStT100) Dual-Controller Storage Server, type 1724 ;
IBM	N/A	IBM System Storage DCS3700 Storage Subsystem, type 1818, modèle 80C ;

References

Title

Publication Time

Tags

Bulletin de sécurité IBM H206045 du 15 juin 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM System Storage DS3524, type 1746 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM System Storage DS3400, type 1726 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM System Storage DS5020 Disk Controller (1814-20A) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM System Storage DS3512, type 1746 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DS4800 Storage Server, type 1814 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DS4200 Storage Server, type 1814 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DS4400 (FAStT700) Storage Server, type 1742 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM System Storage DS5100 Storage Controller, type 1818 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM System Storage DS3950 Express, type 1814 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM System Storage DS3300, type 1726 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DS4700 Storage Server, type 1814 ( alimentations DC );",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DS4500 (FAStT900) Storage Server, type 1742 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DS4700 Storage Server, type 1814 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DS4300 (FAStT600) Dual-Controller et Turbo Storage Server, type 1722 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM System Storage DS3200, type 1726 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM System Storage DS5300 Storage Controller, type 1818.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DS4100 (FAStT100) Dual-Controller Storage Server, type 1724 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM System Storage DCS3700 Storage Subsystem, type 1818, mod\u00e8le 80C ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-2172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2172"
    },
    {
      "name": "CVE-2012-2171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2171"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-349",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-06-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9 ont \u00e9t\u00e9 corrig\u00e9es par IBM pour les produits \u003cspan\nclass=\"textit\"\u003eStorage Server\u003c/span\u003e. La premi\u00e8re (CVE-2012-2171) permet\n\u00e0 un utilisateur malveillant d\u0027injecter et d\u0027ex\u00e9cuter du code SQL\narbitraire \u00e0 distance. La seconde (CVE-2012-2172) permet \u00e0 un attaquant\nde r\u00e9aliser de l\u0027injection de code indirecte \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans IBM System Storage DS Storage Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM H206045 du 15 juin 2012",
      "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5090850\u0026brandind=5000028"
    }
  ]
}

CERTA-2012-AVI-349

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM System Storage DS3524, type 1746 ;
IBM	N/A	IBM System Storage DS3400, type 1726 ;
IBM	N/A	IBM System Storage DS5020 Disk Controller (1814-20A) ;
IBM	N/A	IBM System Storage DS3512, type 1746 ;
IBM	N/A	DS4800 Storage Server, type 1814 ;
IBM	N/A	DS4200 Storage Server, type 1814 ;
IBM	N/A	DS4400 (FAStT700) Storage Server, type 1742 ;
IBM	N/A	IBM System Storage DS5100 Storage Controller, type 1818 ;
IBM	N/A	IBM System Storage DS3950 Express, type 1814 ;
IBM	N/A	IBM System Storage DS3300, type 1726 ;
IBM	N/A	DS4700 Storage Server, type 1814 ( alimentations DC );
IBM	N/A	DS4500 (FAStT900) Storage Server, type 1742 ;
IBM	N/A	DS4700 Storage Server, type 1814 ;
IBM	N/A	DS4300 (FAStT600) Dual-Controller et Turbo Storage Server, type 1722 ;
IBM	N/A	IBM System Storage DS3200, type 1726 ;
IBM	N/A	IBM System Storage DS5300 Storage Controller, type 1818.
IBM	N/A	DS4100 (FAStT100) Dual-Controller Storage Server, type 1724 ;
IBM	N/A	IBM System Storage DCS3700 Storage Subsystem, type 1818, modèle 80C ;

References

Title

Publication Time

Tags

Bulletin de sécurité IBM H206045 du 15 juin 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM System Storage DS3524, type 1746 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM System Storage DS3400, type 1726 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM System Storage DS5020 Disk Controller (1814-20A) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM System Storage DS3512, type 1746 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DS4800 Storage Server, type 1814 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DS4200 Storage Server, type 1814 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DS4400 (FAStT700) Storage Server, type 1742 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM System Storage DS5100 Storage Controller, type 1818 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM System Storage DS3950 Express, type 1814 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM System Storage DS3300, type 1726 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DS4700 Storage Server, type 1814 ( alimentations DC );",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DS4500 (FAStT900) Storage Server, type 1742 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DS4700 Storage Server, type 1814 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DS4300 (FAStT600) Dual-Controller et Turbo Storage Server, type 1722 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM System Storage DS3200, type 1726 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM System Storage DS5300 Storage Controller, type 1818.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "DS4100 (FAStT100) Dual-Controller Storage Server, type 1724 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM System Storage DCS3700 Storage Subsystem, type 1818, mod\u00e8le 80C ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-2172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2172"
    },
    {
      "name": "CVE-2012-2171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2171"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-349",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-06-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9 ont \u00e9t\u00e9 corrig\u00e9es par IBM pour les produits \u003cspan\nclass=\"textit\"\u003eStorage Server\u003c/span\u003e. La premi\u00e8re (CVE-2012-2171) permet\n\u00e0 un utilisateur malveillant d\u0027injecter et d\u0027ex\u00e9cuter du code SQL\narbitraire \u00e0 distance. La seconde (CVE-2012-2172) permet \u00e0 un attaquant\nde r\u00e9aliser de l\u0027injection de code indirecte \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans IBM System Storage DS Storage Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM H206045 du 15 juin 2012",
      "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5090850\u0026brandind=5000028"
    }
  ]
}

GHSA-648F-MVJ9-QMHQ

Vulnerability from github – Published: 2022-05-17 01:46 – Updated: 2022-05-17 01:46

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-2171"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-06-22T10:24:00Z",
    "severity": "MODERATE"
  },
  "details": "SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.",
  "id": "GHSA-648f-mvj9-qmhq",
  "modified": "2022-05-17T01:46:34Z",
  "published": "2022-05-17T01:46:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2171"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75236"
    },
    {
      "type": "WEB",
      "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
    },
    {
      "type": "WEB",
      "url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2012-2171

Vulnerability from fkie_nvd - Published: 2012-06-22 10:24 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
psirt@us.ibm.com	http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172	Vendor Advisory
psirt@us.ibm.com	http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt
psirt@us.ibm.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/75236
af854a3a-2127-422b-91ae-364da2661108	http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/75236

Impacted products

Vendor	Product	Version
ibm	ds_storage_manager_host_software	*
ibm	ds_storage_manager_host_software	10.8
ibm	ds_storage_manager_host_software	10.60.x5.14
ibm	ds4100	*
ibm	ds4100	1724
ibm	ds4200	1814
ibm	ds4300	1722
ibm	ds4400	1742
ibm	ds4500	1742
ibm	ds4700	1814
ibm	ds4800	1815
ibm	system_storage_dcs3700_storage_subsystem	1818
ibm	system_storage_ds3200	1726
ibm	system_storage_ds3300	1726
ibm	system_storage_ds3400	1726
ibm	system_storage_ds3512	1746
ibm	system_storage_ds3524	1746
ibm	system_storage_ds3950_express	1814
ibm	system_storage_ds5020_disk_controller	1814-20a
ibm	system_storage_ds5100_storage_controller	1818
ibm	system_storage_ds5300_storage_controller	1818

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:ds_storage_manager_host_software:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3019D7A-C9A4-48D9-BAE9-E03ED79A184F",
              "versionEndIncluding": "10.83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:ds_storage_manager_host_software:10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "52489840-0CBD-4B10-AA5C-77FBD52D2A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:ds_storage_manager_host_software:10.60.x5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "9752934B-9CFD-4233-885A-63F80F0B2766",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:ds4100:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A70E5F14-9F22-4263-B9E2-5CADBCE1BE52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:ds4100:1724:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE202F3C-2971-492B-9263-4EEEA5762592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:ds4200:1814:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BC0E7FA-32C0-4C26-AE27-9500E674847B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:ds4300:1722:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A9D7E15-763E-4443-81DA-94418D5643E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:ds4400:1742:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF34B72A-9608-4883-A2A2-629125D163B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:ds4500:1742:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D296A9-E67C-449E-B774-FF20A8333187",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:ds4700:1814:*:*:*:*:*:*:*",
              "matchCriteriaId": "75BC52EE-EB60-4C18-9987-36CAE56F67D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:ds4800:1815:*:*:*:*:*:*:*",
              "matchCriteriaId": "38291A79-ED22-45ED-80B1-B98F2F92BA66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_storage_dcs3700_storage_subsystem:1818:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDC1691-A4B4-4AE4-A19C-BA2FDF0C28E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_storage_ds3200:1726:*:*:*:*:*:*:*",
              "matchCriteriaId": "B78F6585-8890-477B-AA4F-1A4092DD6F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_storage_ds3300:1726:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A41183-73AA-4148-90E8-2D34A70E4A9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_storage_ds3400:1726:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A509484-6D73-4F0F-B996-94EF58E36010",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_storage_ds3512:1746:*:*:*:*:*:*:*",
              "matchCriteriaId": "48750AB0-08B3-4A60-8102-7BEFB985FB1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_storage_ds3524:1746:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDF9BE45-D6D6-410E-BABB-A834D33A52A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_storage_ds3950_express:1814:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA4ABA37-8B79-414F-9510-458DF0C1064C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_storage_ds5020_disk_controller:1814-20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7EA1B8-EC32-444B-9485-F6EFE1B6DD20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_storage_ds5100_storage_controller:1818:*:*:*:*:*:*:*",
              "matchCriteriaId": "979FD97C-0E37-43C9-AB2F-F79FCE15D135",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:system_storage_ds5300_storage_controller:1818:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BAC221F-B825-418F-BE80-BB7A074E346F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en ModuleServlet.do en Storage Manager Profiler in IBM System Storage DS Storage Manager antes de v10.83.xx.18 de dispositivos de la Serie DS, permite a usuarios remotos autenticados ejecutar comandos SQL a trav\u00e9s del par\u00e1metro selectedModuleOnly en una acci\u00f3n state_viewmodulelog a la URI ModuleServlet."
    }
  ],
  "id": "CVE-2012-2171",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-06-22T10:24:06.957",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75236"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75236"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-2171 (GCVE-0-2012-2171)

GSD-2012-2171

CERTA-2012-AVI-349

Solution

CERTA-2012-AVI-349

Solution

GHSA-648F-MVJ9-QMHQ

FKIE_CVE-2012-2171

Tags

Sightings

Nomenclature