SQL Injection Vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution
CVE-2012-0199
Currently unrated
Key Information:
- Vendor: IBM
- CVE Published: 6 March 2012
What is CVE-2012-0199?
IBM Tivoli Provisioning Manager Express for Software Distribution version 4.1.1 contains multiple SQL injection vulnerabilities that can be exploited by remote attackers. These vulnerabilities arise from improper handling of input in various servlet functions, which allows execution of arbitrary SQL commands. Attackers may target functions such as Printer.getPrinterAgentKey, User.updateUserValue, User.isExistingUser, and others to gain unauthorized access and manipulate database information. Proper validation and sanitization measures are critical to prevent such exploitation.