MEDIUM · 4.3

CVE-2012-2172

Vulnerability Description

Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter.

CVSS Score

Score: 4.3 (MEDIUM)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Ibm | Ds Storage Manager Host Software | <= 10.83 |
| Ibm | Ds4100 | All versions |
| Ibm | Ds4200 | 1814 |
| Ibm | Ds4300 | 1722 |
| Ibm | Ds4400 | 1742 |
| Ibm | Ds4500 | 1742 |
| Ibm | Ds4700 | 1814 |
| Ibm | Ds4800 | 1815 |
| Ibm | System Storage Dcs3700 Storage Subsystem | 1818 |
| Ibm | System Storage Ds3200 | 1726 |
| Ibm | System Storage Ds3300 | 1726 |
| Ibm | System Storage Ds3400 | 1726 |
| Ibm | System Storage Ds3512 | 1746 |
| Ibm | System Storage Ds3524 | 1746 |
| Ibm | System Storage Ds3950 Express | 1814 |
| Ibm | System Storage Ds5020 Disk Controller | 1814-20a |
| Ibm | System Storage Ds5100 Storage Controller | 1818 |
| Ibm | System Storage Ds5300 Storage Controller | 1818 |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2012-2172?

CVE-2012-2172 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attac...

How severe is CVE-2012-2172?

CVE-2012-2172 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2012-2172?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Ds Storage Manager Host Software, Ibm Ds4100, Ibm Ds4200, Ibm Ds4300, Ibm Ds4400.