Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5956

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-5956
Last Modified 28 Dec 2012 12:00:00
Published 11 Dec 2012 07:18:37
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-5956

Summary

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element.

Vulnerable Systems

Application

  • Manageengine Assetexplorer 5.6

  • Zohocorp Manageengine Assetexplorer 5.6


References

CERT-VN - VU#571068

CONFIRM - http://www.manageengine.com/products/asset-explorer/sp-readme.html


Last Updated: 27 May 2016 11:01:30