Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0199

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-0199
Last Modified 06 Mar 2012 12:00:00
Published 05 Mar 2012 11:18:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-0199

Summary

Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the addAsset.do servlet, or (7) a crafted EG2 file.

Vulnerable Systems

Application

  • Ibm Tivoli Provisioning Manager Express For Software Distribution 4.1.1


References

XF - tpme-multiple-sql-injection(73034)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-12-040/


Last Updated: 27 May 2016 10:57:26