CVE-2012-2172

Name of the Vulnerable Software and Affected Versions IBM System Storage DS Storage Manager versions prior to 10.83.xx.18

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the updateRegn parameter in the SoftwareRegistration.do component of the Storage Manager Profiler on DS Series devices.

Recommendations For versions prior to 10.83.xx.18, update to version 10.83.xx.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the SoftwareRegistration.do component to minimize the risk of exploitation. Avoid using the updateRegn parameter in the affected API endpoint until the issue is resolved.