CVE-2012-3297

IBM Tivoli Monitoring <6.2.2-TIV-ITM-FP0009, <6.3.2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the embedded HTTP server in the Service Console in IBM Tivoli Monitoring 6.2.2 before 6.2.2-TIV-ITM-FP0009 and 6.3.2 before 6.2.3-TIV-ITM-FP0001 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.

References (3)

[Patch, Vendor Advisory] https://www.ibm.com/support/docview.wss?uid=swg21618972

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/77291

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1027850

Scores

EPSS 0.0027

EPSS Percentile 49.9%

Details

CWE

CWE-79

Status published

Products (3)

ibm/tivoli_monitoring

n/a/n/a

Published Dec 08, 2012

Tracked Since Feb 18, 2026