CVE-2012-2171

IBM DS Storage Manager Host Software < 10.83 - SQL Injection

Description

SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.

Exploits (1)

exploitdb WRITEUP
webapps / windows
https://www.exploit-db.com/exploits/19321

Scores

EPSS 0.0265
EPSS Percentile 85.8%

Details

CWE
CWE-89
Status published
Products (21)
ibm/ds4100
ibm/ds4100 1724
ibm/ds4200 1814
ibm/ds4300 1722
ibm/ds4400 1742
ibm/ds4500 1742
ibm/ds4700 1814
ibm/ds4800 1815
ibm/ds_storage_manager_host_software 10.8
ibm/ds_storage_manager_host_software 10.60.x5.14
... and 11 more
Published Jun 22, 2012
Tracked Since Feb 18, 2026