CVE-2012-2171

IBM DS Storage Manager < 10.83 Authenticated SQL Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2171.

AI-analyzed exploit summary: The document describes SQL injection and XSS vulnerabilities in IBM System Storage DS Storage Manager Profiler 4.8.6, detailing affected parameters and providing proof-of-concept URLs. It includes vendor coordination timeline and references to advisories.

Description

SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.

Exploits (1)

exploitdb WRITEUP
webapps · windows
https://www.exploit-db.com/exploits/19321

Classification: Writeup 90%
Attack Type: SQLi | XSS
Complexity: Trivial
Reliability: Reliable
Target: IBM System Storage DS Storage Manager Profiler 4.8.6
No auth needed
Prerequisites: Network access to the vulnerable application
devstral-2 · analyzed Feb 19, 2026

References (3)

Core References
Third Party Advisory x_refsource_misc
http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75236

Scores

EPSS 0.0514
EPSS Percentile 91.3%

Details

CWE: CWE-89
Status: published
Products (21)
ibm/ds4100
ibm/ds4100 1724
ibm/ds4200 1814
ibm/ds4300 1722
ibm/ds4400 1742
ibm/ds4500 1742
ibm/ds4700 1814
ibm/ds4800 1815
ibm/ds_storage_manager_host_software 10.8
ibm/ds_storage_manager_host_software 10.60.x5.14
... and 11 more
Published Jun 22, 2012
Tracked Since Feb 18, 2026