CVE-2012-2955

IBM Lotus Protector for Mail Security 2.1-2.8 XSS via Query String

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2955. PoCs published by muts.

AI-analyzed exploit summary This exploit demonstrates a post-authentication arbitrary file read vulnerability in IBM ISS Proventia Mail Security 2.5. It uses HTTP Basic Auth to authenticate and then sends a crafted request to read files via path traversal.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string.

Exploits (1)

exploitdb WORKING POC VERIFIED

by muts · pythonwebappswindows

https://www.exploit-db.com/exploits/20368

View Code ZIP pw:eip

This exploit demonstrates a post-authentication arbitrary file read vulnerability in IBM ISS Proventia Mail Security 2.5. It uses HTTP Basic Auth to authenticate and then sends a crafted request to read files via path traversal.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: IBM ISS Proventia Mail Security 2.5

Auth required

Prerequisites: Valid credentials for the target system · Network access to the target

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Various Sources x_refsource_confirm

http://www-01.ibm.com/support/docview.wss?uid=swg21605626

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/84014

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/659791

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/49897

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/54486

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/76798

Scores

EPSS 0.0248

EPSS Percentile 82.4%

Details

CWE

CWE-79

Status published

Products (11)

ibm/lotus_protector_for_mail_security 2.1

ibm/lotus_protector_for_mail_security 2.5

ibm/lotus_protector_for_mail_security 2.5.1

ibm/lotus_protector_for_mail_security 2.8

ibm/proventia_network_mail_security_system

ibm/proventia_network_mail_security_system ms3004

ibm/proventia_network_mail_security_system_firmware 2.5

ibm/proventia_network_mail_security_system_firmware 2.5.0.2

ibm/proventia_network_mail_security_system_firmware 2.5.1

ibm/proventia_network_mail_security_system_firmware 2.6

... and 1 more

Published Jul 20, 2012

Tracked Since Feb 18, 2026