Cross-Site Scripting Vulnerability in IBM System Storage DS Storage Manager
CVE-2012-2172

Currently unrated

Key Information:

Vendor: IBM
Status: Ds Storage Manager Host Software; Ds4100; Ds4200; Ds4300
Vendor: CVE Published:; 22 June 2012

Summary

The vulnerability in the Storage Manager Profiler of IBM System Storage DS Storage Manager allows attackers to exploit the application through improper handling of user input. Specifically, by manipulating the 'updateRegn' parameter, attackers can inject malicious web scripts or HTML, leading to potential unauthorized actions on the affected system. This poses significant risks as it may allow attackers to steal sensitive information or manipulate user sessions.

References

http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/75239

vdb-entryx_refsource_XF

http://www.ibm.com/connections/blogs/PSIRT/entry/secbulle...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 22, 2012
Vulnerability Reserved
Apr 4, 2012