IBM System Storage DS Storage Manager Profiler Multiple Vulnerabilities

No description provided by source...

CVE-2012-2171

SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a stateviewmodulelog action ...

CVE-2012-2172

Summary of CVE-2012-2171 and CVE-2012-2172 : IBM System Storage DS Storage Manager Profiler (DS Series) is affected. The ModuleServlet.do endpoint in the Storage Manager Profiler is vulnerable to SQL injection (CVE-2012-2171) via the selectedModuleOnly parameter, and CVE-2012-2172 describes a cro...

CVE-2012-2171

CVE-2012-2171 and CVE-2012-2172 affect IBM System Storage DS Storage Manager Profiler on DS Series devices (before 10.83.xx.18). CVE-2012-2171 is an SQL injection in ModuleServlet.do, exploitable by remote authenticated users via the selectedModuleOnly parameter in a state_viewmodulelog action to...

CVE-2012-2172

Cross-site scripting XSS vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter...