Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0199


Vulnerability Score 7.5 7.5
CVE Id CVE-2012-0199
Last Modified 06 Mar 2012 12:00:00
Published 05 Mar 2012 11:18:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the servlet, (3) the User.isExistingUser function in the servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the servlet, or (7) a crafted EG2 file.

Vulnerable Systems


  • Ibm Tivoli Provisioning Manager Express For Software Distribution 4.1.1


XF - tpme-multiple-sql-injection(73034)


Last Updated: 27 May 2016 10:57:26