Lucene search

[email protected]CVE-2012-2955

HistoryJul 20, 2012 - 10:40 a.m.

CVE-2012-2955

2012-07-2010:40:00

CWE-79

[email protected]

web.nvd.nist.gov

ibm

lotus protector

mail security

xss

vulnerability

ibm iss proventia

network mail security system

nvd

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string.

CPENameOperatorVersion
ibm:proventia_network_mail_security_system_firmwareibm proventia network mail security system firmwareeq2.5
ibm:proventia_network_mail_security_system_firmwareibm proventia network mail security system firmwareeq2.5.0.2
ibm:proventia_network_mail_security_system_firmwareibm proventia network mail security system firmwareeq2.5.1
ibm:proventia_network_mail_security_system_firmwareibm proventia network mail security system firmwareeq2.6
ibm:proventia_network_mail_security_system_firmwareibm proventia network mail security system firmwareeq2.8
ibm:proventia_network_mail_security_systemibm proventia network mail security systemeq*
ibm:proventia_network_mail_security_systemibm proventia network mail security systemeqms3004
ibm:lotus_protector_for_mail_securityibm lotus protector for mail securityeq2.8
ibm:lotus_protector_for_mail_securityibm lotus protector for mail securityeq2.1
ibm:lotus_protector_for_mail_securityibm lotus protector for mail securityeq2.5

CPE	Name	Operator	Version
ibm:proventia_network_mail_security_system_firmware	ibm proventia network mail security system firmware	eq	2.5
ibm:proventia_network_mail_security_system_firmware	ibm proventia network mail security system firmware	eq	2.5.0.2
ibm:proventia_network_mail_security_system_firmware	ibm proventia network mail security system firmware	eq	2.5.1
ibm:proventia_network_mail_security_system_firmware	ibm proventia network mail security system firmware	eq	2.6
ibm:proventia_network_mail_security_system_firmware	ibm proventia network mail security system firmware	eq	2.8
ibm:proventia_network_mail_security_system	ibm proventia network mail security system	eq	*
ibm:proventia_network_mail_security_system	ibm proventia network mail security system	eq	ms3004
ibm:lotus_protector_for_mail_security	ibm lotus protector for mail security	eq	2.8
ibm:lotus_protector_for_mail_security	ibm lotus protector for mail security	eq	2.1
ibm:lotus_protector_for_mail_security	ibm lotus protector for mail security	eq	2.5

Rows per page:

1-10 of 111

References

osvdb.org/84014

secunia.com/advisories/49897

www-01.ibm.com/support/docview.wss?uid=swg21605626

www.kb.cert.org/vuls/id/659791

www.securityfocus.com/bid/54486

exchange.xforce.ibmcloud.com/vulnerabilities/76798

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

69.7%

JSON

Related for CVE-2012-2955

cvelist1 prion1 cert1