CVE-2012-2171
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Descriptions du CVE
SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.
Informations du CVE
Faiblesses connexes
| Nom de la faiblesse | Source | |
|---|---|---|
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Métriques
| Métriques | Score | Gravité | CVSS Vecteur | Source |
|---|---|---|---|---|
| V2 | 6.5 | AV:N/AC:L/Au:S/C:P/I:P/A:P | nvd@nist.gov |
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
Score EPSS
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
Percentile EPSS
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Informations sur l'Exploit
Exploit Database EDB-ID : 19321
Date de publication : 2012-06-20 22h00 +00:00
Auteur : LiquidWorm
EDB Vérifié : No
IBM System Storage DS Storage Manager Profiler Multiple Vulnerabilities
Vendor: IBM Corporation
Product web page: http://www.ibm.com
Affected version: 4.8.6
Summary: Through its extraordinary flexibility, reliability, and performance,
the IBM® System Storage® series is designed to manage a broad scope of storage
workloads that exist in todays complex data center and do it effectively and
efficiently. This flagship IBM disk system can bring simplicity to your storage
environment by supporting a mix of random and sequential I/O workloads for a mix
of interactive and batch applications, regardless of whether they are running on
one of todays popular distributed server platforms or on the mainframe.
Desc: IBM System Storage DS Storage Manager Profiler suffers from an SQL Injection
and a Cross-Site Scripting (XSS) vulnerability. Input passed via the GET parameter
'selectedModuleOnly' in 'ModuleServlet.do' script is not properly sanitised before
being returned to the user or used in SQL queries. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code. The GET parameter 'updateRegn' in the
'SoftwareRegistration.do' script is vulnerable to a XSS issue where the attacker can
execute arbitrary HTML and script code in a user's browser session in context of an
affected site.
Tested on: Apache-Coyote/1.1
MySQL
Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Vendor status:
[03.03.2012] Vulnerabilities discovered.
[19.04.2012] Reported vulnerability report to vendor.
[19.04.2012] Vendor acknowledges receipt of the vulnerability report.
[25.04.2012] Asked vendor for confirmation.
[26.04.2012] Vendor confirms the issues, working on mitigation plan.
[01.05.2012] Vendor promises that the updated package will be available in June timeframe.
[05.06.2012] Asked vendor for status update.
[07.06.2012] Vendor replies.
[15.06.2012] Vendor releases fix.
[20.06.2012] Coordinated public security advisory released.
Advisory ID: ZSL-2012-5094
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5094.php
IBM Advisory: https://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172
IBM Fix: http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5090850&brandind=5000008&myns=x008&mync=R
ISS X-Force ID (SQLi): 75236
ISS X-Force URL: http://xforce.iss.net/xforce/xfdb/75236
ISS X-Force ID (XSS): 75239
ISS X-Force URL: http://xforce.iss.net/xforce/xfdb/75239
CVE ID (SQLi): CVE-2012-2171
CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2171
CVE ID (XSS): CVE-2012-2172
CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2172
03.03.2012
-----
XSS: http://10.1.0.3:9000/SoftwareRegistration.do?updateRegn="><script>alert(1);</script>
SQLi: http://10.1.0.3:9000/ModuleServlet?DeviceId=1&state=state_viewmodulelog&selectedModuleOnly=1[SQL QUERY]&selectedModule=1
Products Mentioned
Configuraton 0
Ibm>>Ds_storage_manager_host_software >> Version To (including) 10.83
- Ibm>>Ds_storage_manager_host_software >> Version 10.8 (Open CPE detail)
- Ibm>>Ds_storage_manager_host_software >> Version 10.60.x5.14 (Open CPE detail)
- Ibm>>Ds_storage_manager_host_software >> Version 10.83 (Open CPE detail)
Ibm>>Ds_storage_manager_host_software >> Version 10.8
- Ibm>>Ds_storage_manager_host_software >> Version 10.8 (Open CPE detail)
Ibm>>Ds_storage_manager_host_software >> Version 10.60.x5.14
- Ibm>>Ds_storage_manager_host_software >> Version 10.60.x5.14 (Open CPE detail)
Ibm>>Ds4100 >> Version *
- Ibm>>Ds4100 >> Version - (Open CPE detail)
- Ibm>>Ds4100 >> Version 1724 (Open CPE detail)
Ibm>>Ds4100 >> Version 1724
- Ibm>>Ds4100 >> Version 1724 (Open CPE detail)
Ibm>>Ds4200 >> Version 1814
- Ibm>>Ds4200 >> Version 1814 (Open CPE detail)
Ibm>>Ds4300 >> Version 1722
- Ibm>>Ds4300 >> Version 1722 (Open CPE detail)
Ibm>>Ds4400 >> Version 1742
- Ibm>>Ds4400 >> Version 1742 (Open CPE detail)
Ibm>>Ds4500 >> Version 1742
- Ibm>>Ds4500 >> Version 1742 (Open CPE detail)
Ibm>>Ds4700 >> Version 1814
- Ibm>>Ds4700 >> Version 1814 (Open CPE detail)
Ibm>>Ds4800 >> Version 1815
- Ibm>>Ds4800 >> Version 1815 (Open CPE detail)
Ibm>>System_storage_dcs3700_storage_subsystem >> Version 1818
- Ibm>>System_storage_dcs3700_storage_subsystem >> Version 1818 (Open CPE detail)
Ibm>>System_storage_ds3200 >> Version 1726
- Ibm>>System_storage_ds3200 >> Version 1726 (Open CPE detail)
Ibm>>System_storage_ds3300 >> Version 1726
- Ibm>>System_storage_ds3300 >> Version 1726 (Open CPE detail)
Ibm>>System_storage_ds3400 >> Version 1726
- Ibm>>System_storage_ds3400 >> Version 1726 (Open CPE detail)
Ibm>>System_storage_ds3512 >> Version 1746
- Ibm>>System_storage_ds3512 >> Version 1746 (Open CPE detail)
Ibm>>System_storage_ds3524 >> Version 1746
- Ibm>>System_storage_ds3524 >> Version 1746 (Open CPE detail)
Ibm>>System_storage_ds3950_express >> Version 1814
- Ibm>>System_storage_ds3950_express >> Version 1814 (Open CPE detail)
Ibm>>System_storage_ds5020_disk_controller >> Version 1814-20a
- Ibm>>System_storage_ds5020_disk_controller >> Version 1814-20a (Open CPE detail)
Ibm>>System_storage_ds5100_storage_controller >> Version 1818
- Ibm>>System_storage_ds5100_storage_controller >> Version 1818 (Open CPE detail)
Ibm>>System_storage_ds5300_storage_controller >> Version 1818
- Ibm>>System_storage_ds5300_storage_controller >> Version 1818 (Open CPE detail)
Références
http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
