SQL Injection Vulnerability in IBM System Storage DS Storage Manager
CVE-2012-2171

Currently unrated

Key Information:

Vendor: IBM
Status: Ds Storage Manager Host Software; Ds4100; Ds4200; Ds4300
Vendor: CVE Published:; 22 June 2012

Summary

A SQL injection vulnerability exists in the ModuleServlet.do component of the IBM System Storage DS Storage Manager prior to version 10.83.xx.18. This flaw enables remote authenticated users to execute arbitrary SQL commands through the 'selectedModuleOnly' parameter in the 'state_viewmodulelog' action. It poses a significant risk as it can be exploited to manipulate database information or execute unauthorized queries.

References

http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/75236

vdb-entryx_refsource_XF

http://www.ibm.com/connections/blogs/PSIRT/entry/secbulle...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 22, 2012
Vulnerability Reserved
Apr 4, 2012