CVE-2012-2161 (GCVE-0-2012-2161)
Vulnerability from cvelistv5 – Published: 2012-06-20 10:00 – Updated: 2024-08-06 19:26- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "iehs-multiple-xss(74833)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74833"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598423"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21596690"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"name": "iehs-multiple-xss(74833)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74833"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598423"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21596690"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "iehs-multiple-xss(74833)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74833"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21598423",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598423"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21596690",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21596690"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2012-2161",
"datePublished": "2012-06-20T10:00:00",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:26:08.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:security_appscan_source:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2A8F522-B785-4C9D-B133-D895B8A5D0E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:security_appscan_source:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3EC310D-7C7F-4B5A-AFFC-58A38B67A0CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:security_appscan_source:8.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66B37DEF-109F-4769-901C-DD8B33DEA054\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:security_appscan_source:8.0.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3FA1883D-1576-43B9-904A-536C0C249112\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:security_appscan_source:8.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6990B7A5-3C72-494B-A512-23E508B71CE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:security_appscan_source:8.5.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBE84BDC-3AC4-4BD2-9BF8-3C6C5E1DCF56\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:spss_data_collection:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED735680-3700-4744-857C-EA2F005D89E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:spss_data_collection:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"673496DB-11BB-4FEB-9772-175F5D45859F\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de ejecuci\\u00f3n de comandos en sitios cruzados (XSS) en deferredView.jsp in IBM Eclipse Help System (IEHS), tal como se utiliza en IBM Security AppScan Fuente v7.x y v8.x anterior a v8,6 y PASW Data Collection Developer Library v6.0 y v6.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\\u00e9s de un URL malicioso.\"}]",
"id": "CVE-2012-2161",
"lastModified": "2024-11-21T01:38:37.457",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2012-06-20T10:27:28.223",
"references": "[{\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg21596690\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg21598423\", \"source\": \"psirt@us.ibm.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/74833\", \"source\": \"psirt@us.ibm.com\"}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg21596690\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.ibm.com/support/docview.wss?uid=swg21598423\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/74833\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2012-2161\",\"sourceIdentifier\":\"psirt@us.ibm.com\",\"published\":\"2012-06-20T10:27:28.223\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en deferredView.jsp in IBM Eclipse Help System (IEHS), tal como se utiliza en IBM Security AppScan Fuente v7.x y v8.x anterior a v8,6 y PASW Data Collection Developer Library v6.0 y v6.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un URL malicioso.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_appscan_source:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2A8F522-B785-4C9D-B133-D895B8A5D0E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_appscan_sour
ce:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3EC310D-7C7F-4B5A-AFFC-58A38B67A0CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_appscan_source:8.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66B37DEF-109F-4769-901C-DD8B33DEA054\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_appscan_source:8.0.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FA1883D-1576-43B9-904A-536C0C249112\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_appscan_source:8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6990B7A5-3C72-494B-A512-23E508B71CE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:security_appscan_source:8.5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBE84BDC-3AC4-4BD2-9BF8-3C6C5E1DCF56\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:spss_data_collection:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED735680-3700-4744-857C-EA2F005D89E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:spss_data_collection:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"673496DB-11BB-4FEB-9772-175F5D45859F\"}]}]}],\"references\":[{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg21596690\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg21598423\",\"source\":\"psirt@us.ibm.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/74833\",\"source\":\"psirt@us.ibm.com\"},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg21596690\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.ibm.com/support/docview.wss?uid=swg21598423\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/74833\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTA-2012-AVI-521
Vulnerability from certfr_avis - Published: - Updated:
Deux vulnérabilités ont été corrigées dans IBM Eclipse Help System. Elles concernent des injections de code indirecte à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IBM Eclipse Help System 1.5.3 et antérieures.
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eIBM Eclipse Help System 1.5.3 et ant\u00e9rieures.\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21611417 du 18 septembre 2012 :",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21611417"
}
],
"reference": "CERTA-2012-AVI-521",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-09-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eIBM\nEclipse Help System\u003c/span\u003e. Elles concernent des injections de code\nindirecte \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans IBM Eclipse Help System",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 swg21611417 du 18 septembre 2012",
"url": null
}
]
}
CERTA-2012-AVI-521
Vulnerability from certfr_avis - Published: - Updated:
Deux vulnérabilités ont été corrigées dans IBM Eclipse Help System. Elles concernent des injections de code indirecte à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IBM Eclipse Help System 1.5.3 et antérieures.
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eIBM Eclipse Help System 1.5.3 et ant\u00e9rieures.\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21611417 du 18 septembre 2012 :",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21611417"
}
],
"reference": "CERTA-2012-AVI-521",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-09-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eIBM\nEclipse Help System\u003c/span\u003e. Elles concernent des injections de code\nindirecte \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans IBM Eclipse Help System",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 swg21611417 du 18 septembre 2012",
"url": null
}
]
}
CERTA-2012-AVI-668
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans IBM InfoSphere Discovery. Certaines d'entre elles permettent à un attaquant d'injecter du code indirecte à distance ( XSS ).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | IBM InfoSphere Discovery version 4.5.1 pour Information Integration Workgroup Edition | ||
| IBM | N/A | IBM InfoSphere Discovery version 4.5.1 pour Information Integration | ||
| IBM | N/A | IBM InfoSphere Discovery Information Center version 4.5.1 | ||
| IBM | N/A | IBM InfoSphere Discovery version 4.5.1 pour z/OS |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM InfoSphere Discovery version 4.5.1 pour Information Integration Workgroup Edition",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Discovery version 4.5.1 pour Information Integration",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Discovery Information Center version 4.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Discovery version 4.5.1 pour z/OS",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [],
"reference": "CERTA-2012-AVI-668",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-11-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM InfoSphere Discovery\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant d\u0027injecter du code indirecte \u00e0 distance ( XSS\n).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM InfoSphere Discovery",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21617872 du 19 novembre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21617872"
}
]
}
CERTA-2013-AVI-082
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans IBM InfoSphere Information Server. Certaines d'entre elles permettent à un attaquant d'exécuter du code arbitraire au moyen d'un fichier DLL spécialement conçu.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM InfoSphere Information Server version 8.7",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Information Server version 8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Information Server version 8.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0702",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0702"
},
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-0701",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0701"
},
{
"name": "CVE-2012-4832",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4832"
},
{
"name": "CVE-2012-0705",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0705"
},
{
"name": "CVE-2012-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0205"
},
{
"name": "CVE-2012-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0703"
},
{
"name": "CVE-2012-0700",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0700"
},
{
"name": "CVE-2012-4819",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4819"
},
{
"name": "CVE-2012-0501",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0501"
},
{
"name": "CVE-2012-0203",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0203"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
},
{
"name": "CVE-2012-0204",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0204"
}
],
"links": [],
"reference": "CERTA-2013-AVI-082",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-01-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM InfoSphere Information Server\u003c/span\u003e. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant d\u0027ex\u00e9cuter du code arbitraire au\nmoyen d\u0027un fichier DLL sp\u00e9cialement con\u00e7u.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM InfoSphere Information Server Suite",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21623501 du 25 janvier 2013",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"
}
]
}
CERTA-2012-AVI-534
Vulnerability from certfr_avis - Published: - Updated:
Deux vulnérabilités ont été corrigées dans IBM Rational Change. Elles concernent des injections de codes indirectes à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IBM Rational Change version 5.3.0.4
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eIBM Rational Change version 5.3.0.4\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [],
"reference": "CERTA-2012-AVI-534",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-09-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eIBM\nRational Change\u003c/span\u003e. Elles concernent des injections de codes\nindirectes \u00e0 distance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9s dans IBM Rational Change",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21612273 du 26 septembre",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612273"
}
]
}
CERTA-2013-AVI-140
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans IBM Data Studio Help System. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IBM Data Studio Help System versions antérieures à 3.2
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eIBM Data Studio Help System versions ant\u00e9rieures \u00e0 3.2\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2013-0467",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0467"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [],
"reference": "CERTA-2013-AVI-140",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-02-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM Data Studio Help System\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nune injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Data Studio Help System",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21625573 du 15 f\u00e9vrier 2013",
"url": "https://www.ibm.com/support/docview.wss?uid=swg21625573"
}
]
}
CERTA-2012-AVI-537
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans IBM Rational Synergy. Certaines d'entre elles permettent une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Versions ant\u00e9rieures \u00e0 Rational Synergy 7.2.0.3 pour la branche 7.2.0.X",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 Rational Synergy 7.1.0.6 pour la branche 7.1.0.X",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0500",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0500"
},
{
"name": "CVE-2012-0502",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0502"
},
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-0507",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0507"
},
{
"name": "CVE-2012-0505",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0505"
},
{
"name": "CVE-2012-0499",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0499"
},
{
"name": "CVE-2012-5035",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5035"
},
{
"name": "CVE-2012-0506",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0506"
},
{
"name": "CVE-2012-0503",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0503"
},
{
"name": "CVE-2011-3563",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3563"
},
{
"name": "CVE-2011-4461",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4461"
},
{
"name": "CVE-2012-0497",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0497"
},
{
"name": "CVE-2012-0501",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0501"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
},
{
"name": "CVE-2011-5035",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5035"
},
{
"name": "CVE-2012-0498",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0498"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21612331 du 27 septembre 2012 :",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612331"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21612332 du 27 septembre 2012 :",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612332"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21612333 du 27 septembre 2012 :",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612333"
}
],
"reference": "CERTA-2012-AVI-537",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-10-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM Rational Synergy\u003c/span\u003e. Certaines d\u0027entre elles\npermettent une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Rational Synergy",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 IBM swg21612331 swg21612332 swg21612333 du 27 septembre 2012",
"url": null
}
]
}
CERTA-2012-AVI-391
Vulnerability from certfr_avis - Published: - Updated:
Deux vulnérabilités ont été corrigées dans IBM WebSphere. Elles affectent toutes les deux le composant IEHS (IBM Eclipse Help System). La première concerne une injection de code indirecte à distance (XSS) et la deuxième est une redirection d'URL.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | IBM WebSphere Operational Decision Management version 7.5.0.0 à 8.0.0.0 ; | ||
| IBM | WebSphere | IBM WebSphere ILOG Rules pour Cobol version 7.0.0 à 7.1.4 ; | ||
| IBM | WebSphere | IBM WebSphere ILOG Rules pour z/OS version 7.0.0 à 7.1.4. | ||
| IBM | WebSphere | IBM WebSphere ILOG JRules version 7.0.0 à 7.1.1.4 ; |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM WebSphere Operational Decision Management version 7.5.0.0 \u00e0 8.0.0.0 ;",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere ILOG Rules pour Cobol version 7.0.0 \u00e0 7.1.4 ;",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere ILOG Rules pour z/OS version 7.0.0 \u00e0 7.1.4.",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere ILOG JRules version 7.0.0 \u00e0 7.1.1.4 ;",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM ISS X-Force 74833 du 08 juin 2012 :",
"url": "http://xforce.iss.net/xforce/xfdb/74833"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM ISS X-Force 74832 du 08 juin 2012 :",
"url": "http://xforce.iss.net/xforce/xfdb/74832"
}
],
"reference": "CERTA-2012-AVI-391",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eIBM\nWebSphere\u003c/span\u003e. Elles affectent toutes les deux le composant IEHS (IBM\nEclipse Help System). La premi\u00e8re concerne une injection de code\nindirecte \u00e0 distance (XSS) et la deuxi\u00e8me est une redirection d\u0027URL.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans IBM WebSphere",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21600616 du 05 juillet 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600616"
}
]
}
CERTA-2012-AVI-537
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans IBM Rational Synergy. Certaines d'entre elles permettent une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Versions ant\u00e9rieures \u00e0 Rational Synergy 7.2.0.3 pour la branche 7.2.0.X",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "versions ant\u00e9rieures \u00e0 Rational Synergy 7.1.0.6 pour la branche 7.1.0.X",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0500",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0500"
},
{
"name": "CVE-2012-0502",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0502"
},
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-0507",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0507"
},
{
"name": "CVE-2012-0505",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0505"
},
{
"name": "CVE-2012-0499",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0499"
},
{
"name": "CVE-2012-5035",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5035"
},
{
"name": "CVE-2012-0506",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0506"
},
{
"name": "CVE-2012-0503",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0503"
},
{
"name": "CVE-2011-3563",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3563"
},
{
"name": "CVE-2011-4461",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4461"
},
{
"name": "CVE-2012-0497",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0497"
},
{
"name": "CVE-2012-0501",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0501"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
},
{
"name": "CVE-2011-5035",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5035"
},
{
"name": "CVE-2012-0498",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0498"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21612331 du 27 septembre 2012 :",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612331"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21612332 du 27 septembre 2012 :",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612332"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21612333 du 27 septembre 2012 :",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612333"
}
],
"reference": "CERTA-2012-AVI-537",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-10-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM Rational Synergy\u003c/span\u003e. Certaines d\u0027entre elles\npermettent une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Rational Synergy",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 IBM swg21612331 swg21612332 swg21612333 du 27 septembre 2012",
"url": null
}
]
}
CERTA-2013-AVI-139
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits IBM. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | Tivoli | IBM Tivoli Service Request Manager versions 7.2, 7.1, et 6.2 |
| IBM | N/A | IBM Maximo Asset Management versions 7.5, 7.1, et 6.2 |
| IBM | Tivoli | IBM Tivoli Change and Configuration Management Database versions 7.2 et 7.1 |
| IBM | Tivoli | IBM Tivoli Asset Management IT versions 7.2, 7.1, et 6.2 |
| IBM | N/A | IBM Maximo Asset Management Essentials versions 7.5, 7.1, et 6.2 |
| IBM | N/A | IBM SmartCloud Control Desk version 7.5 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Tivoli Service Request Manager versions 7.2, 7.1, et 6.2",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Maximo Asset Management versions 7.5, 7.1, et 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli Change and Configuration Management Database versions 7.2 et 7.1",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli Asset Management IT versions 7.2, 7.1, et 6.2",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Maximo Asset Management Essentials versions 7.5, 7.1, et 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM SmartCloud Control Desk version 7.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3316"
},
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-3322",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3322"
},
{
"name": "CVE-2012-6355",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6355"
},
{
"name": "CVE-2012-3321",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3321"
},
{
"name": "CVE-2012-3327",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3327"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
},
{
"name": "CVE-2012-6356",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6356"
},
{
"name": "CVE-2013-0457",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0457"
},
{
"name": "CVE-2012-6357",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6357"
},
{
"name": "CVE-2012-3328",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3328"
}
],
"links": [],
"reference": "CERTA-2013-AVI-139",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-02-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e . Elles permettent \u00e0 un attaquant\nde provoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21625624 du 15 f\u00e9vrier 2013",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
}
]
}
CERTA-2012-AVI-668
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans IBM InfoSphere Discovery. Certaines d'entre elles permettent à un attaquant d'effectuer une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | N/A | IBM InfoSphere Discovery version 4.5.1 pour Information Integration Workgroup Edition |
| IBM | N/A | IBM InfoSphere Discovery version 4.5.1 pour Information Integration |
| IBM | N/A | IBM InfoSphere Discovery Information Center version 4.5.1 |
| IBM | N/A | IBM InfoSphere Discovery version 4.5.1 pour z/OS |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM InfoSphere Discovery version 4.5.1 pour Information Integration Workgroup Edition",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Discovery version 4.5.1 pour Information Integration",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Discovery Information Center version 4.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Discovery version 4.5.1 pour z/OS",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [],
"reference": "CERTA-2012-AVI-668",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-11-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM InfoSphere Discovery\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant d\u0027injecter du code indirecte \u00e0 distance ( XSS\n).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM InfoSphere Discovery",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21617872 du 19 novembre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21617872"
}
]
}
CERTA-2012-AVI-391
Vulnerability from certfr_avis - Published: - Updated:
Deux vulnérabilités ont été corrigées dans IBM WebSphere. Elles affectent toutes les deux le composant IEHS (IBM Eclipse Help System). La première concerne une injection de code indirecte à distance (XSS) et la deuxième est une redirection d'URL.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | WebSphere | IBM WebSphere Operational Decision Management version 7.5.0.0 à 8.0.0.0 ; |
| IBM | WebSphere | IBM WebSphere ILOG Rules pour Cobol version 7.0.0 à 7.1.4 ; |
| IBM | WebSphere | IBM WebSphere ILOG Rules pour z/OS version 7.0.0 à 7.1.4. |
| IBM | WebSphere | IBM WebSphere ILOG JRules version 7.0.0 à 7.1.1.4 ; |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM WebSphere Operational Decision Management version 7.5.0.0 \u00e0 8.0.0.0 ;",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere ILOG Rules pour Cobol version 7.0.0 \u00e0 7.1.4 ;",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere ILOG Rules pour z/OS version 7.0.0 \u00e0 7.1.4.",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM WebSphere ILOG JRules version 7.0.0 \u00e0 7.1.1.4 ;",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM ISS X-Force 74833 du 08 juin 2012 :",
"url": "http://xforce.iss.net/xforce/xfdb/74833"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 IBM ISS X-Force 74832 du 08 juin 2012 :",
"url": "http://xforce.iss.net/xforce/xfdb/74832"
}
],
"reference": "CERTA-2012-AVI-391",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eIBM\nWebSphere\u003c/span\u003e. Elles affectent toutes les deux le composant IEHS (IBM\nEclipse Help System). La premi\u00e8re concerne une injection de code\nindirecte \u00e0 distance (XSS) et la deuxi\u00e8me est une redirection d\u0027URL.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans IBM WebSphere",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21600616 du 05 juillet 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21600616"
}
]
}
CERTA-2012-AVI-742
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans IBM Tivoli Storage Manager FastBack. Elle concerne une injection de code indirecte à distance (XSS) pouvant mener un utilisateur malintentionné à acquérir des informations sur la navigation des victimes.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IBM Tivoli Storage Manager FastBack pour Workstations Central Administration Console version 6.1.0.0 à 6.3.0.3
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eIBM Tivoli Storage Manager FastBack pour Workstations Central Administration Console version 6.1.0.0 \u00e0 6.3.0.3\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [],
"reference": "CERTA-2012-AVI-742",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-12-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eIBM Tivoli\nStorage Manager FastBack\u003c/span\u003e. Elle concerne une injection de code\nindirecte \u00e0 distance (XSS) pouvant mener un utilisateur malintentionn\u00e9 \u00e0\nacqu\u00e9rir des informations sur la navigation des victimes.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans IBM FB4WKSTNS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21620352 du 13 d\u00e9cembre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620352"
}
]
}
CERTA-2012-AVI-742
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été corrigée dans IBM Tivoli Storage Manager FastBack. Elle concerne une injection de code indirecte à distance (XSS) pouvant mener un utilisateur malintentionné à acquérir des informations sur la navigation des victimes.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IBM Tivoli Storage Manager FastBack pour Workstations Central Administration Console version 6.1.0.0 à 6.3.0.3
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eIBM Tivoli Storage Manager FastBack pour Workstations Central Administration Console version 6.1.0.0 \u00e0 6.3.0.3\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [],
"reference": "CERTA-2012-AVI-742",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-12-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eIBM Tivoli\nStorage Manager FastBack\u003c/span\u003e. Elle concerne une injection de code\nindirecte \u00e0 distance (XSS) pouvant mener un utilisateur malintentionn\u00e9 \u00e0\nacqu\u00e9rir des informations sur la navigation des victimes.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans IBM FB4WKSTNS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21620352 du 13 d\u00e9cembre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620352"
}
]
}
CERTA-2013-AVI-082
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans IBM InfoSphere Information Server. Certaines d'entre elles permettent à un attaquant d'exécuter du code arbitraire au moyen d'un fichier DLL spécialement conçu.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM InfoSphere Information Server version 8.7",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Information Server version 8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Information Server version 8.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0702",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0702"
},
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-0701",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0701"
},
{
"name": "CVE-2012-4832",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4832"
},
{
"name": "CVE-2012-0705",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0705"
},
{
"name": "CVE-2012-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0205"
},
{
"name": "CVE-2012-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0703"
},
{
"name": "CVE-2012-0700",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0700"
},
{
"name": "CVE-2012-4819",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4819"
},
{
"name": "CVE-2012-0501",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0501"
},
{
"name": "CVE-2012-0203",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0203"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
},
{
"name": "CVE-2012-0204",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0204"
}
],
"links": [],
"reference": "CERTA-2013-AVI-082",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-01-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM InfoSphere Information Server\u003c/span\u003e. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant d\u0027ex\u00e9cuter du code arbitraire au\nmoyen d\u0027un fichier DLL sp\u00e9cialement con\u00e7u.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM InfoSphere Information Server Suite",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21623501 du 25 janvier 2013",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"
}
]
}
CERTA-2013-AVI-140
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans IBM Data Studio Help System. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IBM Data Studio Help System versions antérieures à 3.2
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eIBM Data Studio Help System versions ant\u00e9rieures \u00e0 3.2\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2013-0467",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0467"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [],
"reference": "CERTA-2013-AVI-140",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-02-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM Data Studio Help System\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nune injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Data Studio Help System",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21625573 du 15 f\u00e9vrier 2013",
"url": "https://www.ibm.com/support/docview.wss?uid=swg21625573"
}
]
}
CERTA-2013-AVI-139
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits IBM. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| IBM | Tivoli | IBM Tivoli Service Request Manager versions 7.2, 7.1, et 6.2 |
| IBM | N/A | IBM Maximo Asset Management versions 7.5, 7.1, et 6.2 |
| IBM | Tivoli | IBM Tivoli Change and Configuration Management Database versions 7.2 et 7.1 |
| IBM | Tivoli | IBM Tivoli Asset Management IT versions 7.2, 7.1, et 6.2 |
| IBM | N/A | IBM Maximo Asset Management Essentials versions 7.5, 7.1, et 6.2 |
| IBM | N/A | IBM SmartCloud Control Desk version 7.5 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Tivoli Service Request Manager versions 7.2, 7.1, et 6.2",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Maximo Asset Management versions 7.5, 7.1, et 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli Change and Configuration Management Database versions 7.2 et 7.1",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli Asset Management IT versions 7.2, 7.1, et 6.2",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Maximo Asset Management Essentials versions 7.5, 7.1, et 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM SmartCloud Control Desk version 7.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3316"
},
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-3322",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3322"
},
{
"name": "CVE-2012-6355",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6355"
},
{
"name": "CVE-2012-3321",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3321"
},
{
"name": "CVE-2012-3327",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3327"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
},
{
"name": "CVE-2012-6356",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6356"
},
{
"name": "CVE-2013-0457",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0457"
},
{
"name": "CVE-2012-6357",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6357"
},
{
"name": "CVE-2012-3328",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3328"
}
],
"links": [],
"reference": "CERTA-2013-AVI-139",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-02-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e . Elles permettent \u00e0 un attaquant\nde provoquer un contournement de la politique de s\u00e9curit\u00e9, une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21625624 du 15 f\u00e9vrier 2013",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
}
]
}
CERTA-2012-AVI-735
Vulnerability from certfr_avis - Published: - Updated:
Trois vulnérabilités ont été corrigées dans IBM Rational Publishing Engine (RPE). La première concerne le composant Java Runtime Environment. La seconde permet de rediriger la navigation Web d'un utilisateur vers un site illégitime. La dernière affecte le système d'aide et peut mener un utilisateur malintentionné à effectuer des injections de codes indirectes à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Rational Publishing Engine 1.1.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Publishing Engine 1.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Publishing Engine 1.1.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Publishing Engine 1.1.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-0501",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0501"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [],
"reference": "CERTA-2012-AVI-735",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Trois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eIBM\nRational Publishing Engine\u003c/span\u003e (RPE). La premi\u00e8re concerne le\ncomposant \u003cspan class=\"textit\"\u003eJava Runtime Environment\u003c/span\u003e. La\nseconde permet de rediriger la navigation Web d\u0027un utilisateur vers un\nsite ill\u00e9gitime. La derni\u00e8re affecte le syst\u00e8me d\u0027aide et peut mener un\nutilisateur malintentionn\u00e9 \u00e0 effectuer des injections de codes\nindirectes \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Rational Publishing Engine",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21617746 du 12 d\u00e9cembre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21617746"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21619410 du 12 d\u00e9cembre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21619410"
}
]
}
CERTA-2012-AVI-534
Vulnerability from certfr_avis - Published: - Updated:
Deux vulnérabilités ont été corrigées dans IBM Rational Change. Elles concernent des injections de codes indirectes à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IBM Rational Change version 5.3.0.4
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eIBM Rational Change version 5.3.0.4\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [],
"reference": "CERTA-2012-AVI-534",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-09-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eIBM\nRational Change\u003c/span\u003e. Elles concernent des injections de codes\nindirectes \u00e0 distance (XSS).\n",
"title": "Vuln\u00e9rabilit\u00e9s dans IBM Rational Change",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21612273 du 26 septembre",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612273"
}
]
}
CERTA-2012-AVI-735
Vulnerability from certfr_avis - Published: - Updated:
Trois vulnérabilités ont été corrigées dans IBM Rational Publishing Engine (RPE). La première concerne le composant Java Runtime Environment. La seconde permet de rediriger la navigation Web d'un utilisateur vers un site illégitime. La dernière affecte le système d'aide et peut mener un utilisateur malintentionné à effectuer des injections de codes indirectes à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Rational Publishing Engine 1.1.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Publishing Engine 1.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Publishing Engine 1.1.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Rational Publishing Engine 1.1.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2159",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2159"
},
{
"name": "CVE-2012-0501",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0501"
},
{
"name": "CVE-2012-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2161"
}
],
"links": [],
"reference": "CERTA-2012-AVI-735",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "Trois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eIBM\nRational Publishing Engine\u003c/span\u003e (RPE). La premi\u00e8re concerne le\ncomposant \u003cspan class=\"textit\"\u003eJava Runtime Environment\u003c/span\u003e. La\nseconde permet de rediriger la navigation Web d\u0027un utilisateur vers un\nsite ill\u00e9gitime. La derni\u00e8re affecte le syst\u00e8me d\u0027aide et peut mener un\nutilisateur malintentionn\u00e9 \u00e0 effectuer des injections de codes\nindirectes \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Rational Publishing Engine",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21617746 du 12 d\u00e9cembre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21617746"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21619410 du 12 d\u00e9cembre 2012",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21619410"
}
]
}
FKIE_CVE-2012-2161
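Vulnerability from fkie_nvd - Published: 2012-06-20 10:27 - Updated: 2025-04-11 00:51
Note: the product table below reflects only the NVD CPE configurations for this record; the CERT-FR advisories on this page (CERTA-2012-AVI-534, CERTA-2012-AVI-735) also list CVE-2012-2161 for IBM Rational Change and IBM Rational Publishing Engine, so CPE matching alone may not cover every affected product.
| Vendor | Product | Version | |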
|---|---|---|---|
| ibm | security_appscan_source | 7.0 | |
| ibm | security_appscan_source | 8.0 | |
| ibm | security_appscan_source | 8.0.0.1 | |
| ibm | security_appscan_source | 8.0.0.2 | |
| ibm | security_appscan_source | 8.5 | |
| ibm | security_appscan_source | 8.5.0.1 | |
| ibm | spss_data_collection | 6.0 | |
| ibm | spss_data_collection | 6.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A8F522-B785-4C9D-B133-D895B8A5D0E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3EC310D-7C7F-4B5A-AFFC-58A38B67A0CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66B37DEF-109F-4769-901C-DD8B33DEA054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA1883D-1576-43B9-904A-536C0C249112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6990B7A5-3C72-494B-A512-23E508B71CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:security_appscan_source:8.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBE84BDC-3AC4-4BD2-9BF8-3C6C5E1DCF56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:spss_data_collection:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED735680-3700-4744-857C-EA2F005D89E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:spss_data_collection:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "673496DB-11BB-4FEB-9772-175F5D45859F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en deferredView.jsp in IBM Eclipse Help System (IEHS), tal como se utiliza en IBM Security AppScan Fuente v7.x y v8.x anterior a v8,6 y PASW Data Collection Developer Library v6.0 y v6.0.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un URL malicioso."
}
],
"id": "CVE-2012-2161",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-06-20T10:27:28.223",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21596690"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598423"
},
{
"source": "psirt@us.ibm.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21596690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74833"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2012-2161
Vulnerability from gsd - Updated: 2023-12-13 01:20
{
"GSD": {
"alias": "CVE-2012-2161",
"description": "Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.",
"id": "GSD-2012-2161"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2012-2161"
],
"details": "Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.",
"id": "GSD-2012-2161",
"modified": "2023-12-13T01:20:15.982177Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "iehs-multiple-xss(74833)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74833"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21598423",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598423"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21596690",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21596690"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ibm:security_appscan_source:8.5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:security_appscan_source:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:security_appscan_source:8.0.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:security_appscan_source:8.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:security_appscan_source:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:security_appscan_source:8.0.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ibm:spss_data_collection:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:spss_data_collection:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2161"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21596690",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21596690"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21598423",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598423"
},
{
"name": "iehs-multiple-xss(74833)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74833"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2017-08-29T01:31Z",
"publishedDate": "2012-06-20T10:27Z"
}
}
}
GHSA-QPHJ-3VQC-57H9
Vulnerability from github – Published: 2022-05-17 01:46 – Updated: 2022-05-17 01:46
Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
{
"affected": [],
"aliases": [
"CVE-2012-2161"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-06-20T10:27:00Z",
"severity": "MODERATE"
},
"details": "Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.",
"id": "GHSA-qphj-3vqc-57h9",
"modified": "2022-05-17T01:46:34Z",
"published": "2022-05-17T01:46:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2161"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74833"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21596690"
},
{
"type": "WEB",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21598423"
}
],
"schema_version": "1.4.0",
"severity": []
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.