CVE-2012-2536

{"id": "CVE-2012-2536", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-09-11T18:55:01.050", "references": [{"url": "http://www.securityfocus.com/bid/55430", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA12-255A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-062", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15781", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/55430", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA12-255A.html", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-062", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15781", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka \"Reflected XSS Vulnerability.\""}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Microsoft Systems Management Server 2003 Service Pack 3 y System Center Configuration Manager 2007 SP2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados. Se trata de un problema tambi\u00e9n conocido como \"Vulnerabilidad XSS reflejado\".\r\n"}], "lastModified": "2024-11-21T01:39:12.203", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:system_center_configuration_manager:2007:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83CF27A5-BE0C-4F3C-8650-A8984E14F0D0"}, {"criteria": "cpe:2.3:a:microsoft:systems_management_server:2003:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8ED204E-F7ED-497F-883C-C8F0C7ACE632"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}