CVE-2012-2171

IBM DS Storage Manager Host Software < 10.83 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.

Exploits (1)

exploitdb WRITEUP
webapps, windows
https://www.exploit-db.com/exploits/19321

Scores

EPSS 0.0151
EPSS Percentile 80.9%

Classification

CWE
CWE-89
Status draft

Affected Products (21)

ibm/ds_storage_manager_host_software < 10.83
ibm/ds_storage_manager_host_software
ibm/ds_storage_manager_host_software
ibm/ds4100
ibm/ds4100
ibm/ds4200
ibm/ds4300
ibm/ds4400
ibm/ds4500
ibm/ds4700
ibm/ds4800
ibm/system_storage_dcs3700_storage_subsystem
ibm/system_storage_ds3200
ibm/system_storage_ds3300
ibm/system_storage_ds3400
... and 6 more

Timeline

Published Jun 22, 2012
Tracked Since Feb 18, 2026