Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3296

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-3296
Last Modified 21 Mar 2013 11:11:21
Published 17 Aug 2012 04:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3296

Summary

Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Systems

Application

  • Ibm Power Hardware Management Console 7r7.1.0

  • Ibm Power Hardware Management Console 7r7.2.0

  • Ibm Power Hardware Management Console 7r7.3.0


References

XF - hmc-login-panel-xss(77288)

CONFIRM - http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258

CONFIRM - http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257

CONFIRM - http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253

AIXAPAR - MB03494

AIXAPAR - MB03489

AIXAPAR - MB03488

CONFIRM - http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617

SECTRACK - 1027433

SECUNIA - 50376


Last Updated: 27 May 2016 10:57:35