CVE-2012-2171

Currently unrated

Key Information:

Vendor: IBM
Status: Ds Storage Manager Host Software; Ds4100; Ds4200; Ds4300
Vendor: CVE Published:; 22 June 2012

Summary

SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.

References

http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/75236

vdb-entryx_refsource_XF

http://www.ibm.com/connections/blogs/PSIRT/entry/secbulle...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 22, 2012
Vulnerability Reserved
Apr 4, 2012