CVE-2012-2955

{"id": "CVE-2012-2955", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-07-20T10:40:37.000", "references": [{"url": "http://osvdb.org/84014", "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/49897", "source": "cret@cert.org"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21605626", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/659791", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/54486", "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76798", "source": "cret@cert.org"}, {"url": "http://osvdb.org/84014", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/49897", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21605626", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/659791", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/54486", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76798", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la interfaz de usuario administrativo de IBM Lotus Protector for Mail Security v2.1, v2.5, v2.5.1 y v2.8 e IBM ISS Proventia Network Mail Security System permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la cadena de consulta."}], "lastModified": "2024-11-21T01:40:01.083", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37B13DDF-DCD6-4C10-B533-0C25FE966007"}, {"criteria": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D99B0275-98EE-48EA-B454-E13EC6521F32"}, {"criteria": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BBC5F27-E6F2-4B18-AEC5-3032207FAD25"}, {"criteria": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0D45AC4-6028-44DB-BFC6-24D105FBB2C2"}, {"criteria": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1090D84-2202-47C5-97F5-781543BB74BC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ibm:proventia_network_mail_security_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FE2B207-9C49-4107-9109-A6E9D1D610C6"}, {"criteria": "cpe:2.3:h:ibm:proventia_network_mail_security_system:ms3004:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C5ABA88-890A-41E7-9651-624FBE1D1068"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31F356BD-5E3C-4426-B315-86F681E2F6A8"}, {"criteria": "cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "068537DC-785E-45E2-9B04-245621B48BB4"}, {"criteria": "cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FCE408A-BD6C-4D2C-8F37-132394729729"}, {"criteria": "cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9277E17-F3EC-4E8B-B4E0-629966D7EB89"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}