nvd-json-data-feeds/CVE-2012/CVE-2012-21xx/CVE-2012-2171.json

{
  "id": "CVE-2012-2171",
  "sourceIdentifier": "psirt@us.ibm.com",
  "published": "2012-06-22T10:24:06.957",
  "lastModified": "2024-11-21T01:38:38.650",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en ModuleServlet.do en Storage Manager Profiler in IBM System Storage DS Storage Manager antes de v10.83.xx.18 de dispositivos de la Serie DS, permite a usuarios remotos autenticados ejecutar comandos SQL a trav\u00e9s del par\u00e1metro selectedModuleOnly en una acci\u00f3n state_viewmodulelog a la URI ModuleServlet."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "baseScore": 6.5,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ibm:ds_storage_manager_host_software:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "10.83",
              "matchCriteriaId": "C3019D7A-C9A4-48D9-BAE9-E03ED79A184F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ibm:ds_storage_manager_host_software:10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "52489840-0CBD-4B10-AA5C-77FBD52D2A24"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:ibm:ds_storage_manager_host_software:10.60.x5.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "9752934B-9CFD-4233-885A-63F80F0B2766"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:ds4100:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A70E5F14-9F22-4263-B9E2-5CADBCE1BE52"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:ds4100:1724:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE202F3C-2971-492B-9263-4EEEA5762592"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:ds4200:1814:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BC0E7FA-32C0-4C26-AE27-9500E674847B"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:ds4300:1722:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A9D7E15-763E-4443-81DA-94418D5643E1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:ds4400:1742:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF34B72A-9608-4883-A2A2-629125D163B2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:ds4500:1742:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D296A9-E67C-449E-B774-FF20A8333187"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:ds4700:1814:*:*:*:*:*:*:*",
              "matchCriteriaId": "75BC52EE-EB60-4C18-9987-36CAE56F67D5"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:ds4800:1815:*:*:*:*:*:*:*",
              "matchCriteriaId": "38291A79-ED22-45ED-80B1-B98F2F92BA66"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:system_storage_dcs3700_storage_subsystem:1818:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDC1691-A4B4-4AE4-A19C-BA2FDF0C28E7"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:system_storage_ds3200:1726:*:*:*:*:*:*:*",
              "matchCriteriaId": "B78F6585-8890-477B-AA4F-1A4092DD6F43"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:system_storage_ds3300:1726:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A41183-73AA-4148-90E8-2D34A70E4A9C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:system_storage_ds3400:1726:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A509484-6D73-4F0F-B996-94EF58E36010"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:system_storage_ds3512:1746:*:*:*:*:*:*:*",
              "matchCriteriaId": "48750AB0-08B3-4A60-8102-7BEFB985FB1F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:system_storage_ds3524:1746:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDF9BE45-D6D6-410E-BABB-A834D33A52A8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:system_storage_ds3950_express:1814:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA4ABA37-8B79-414F-9510-458DF0C1064C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:system_storage_ds5020_disk_controller:1814-20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7EA1B8-EC32-444B-9485-F6EFE1B6DD20"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:system_storage_ds5100_storage_controller:1818:*:*:*:*:*:*:*",
              "matchCriteriaId": "979FD97C-0E37-43C9-AB2F-F79FCE15D135"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:h:ibm:system_storage_ds5300_storage_controller:1818:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BAC221F-B825-418F-BE80-BB7A074E346F"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172",
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt",
      "source": "psirt@us.ibm.com"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75236",
      "source": "psirt@us.ibm.com"
    },
    {
      "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75236",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    }
  ]
}