Vulnerability-Lookup

FKIE_CVE-2012-2955

Vulnerability from fkie_nvd - Published: 2012-07-20 10:40 - Updated: 2025-04-11 00:51

Severity ?

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string.

References

URL	Tags
cret@cert.org	http://osvdb.org/84014
cret@cert.org	http://secunia.com/advisories/49897
cret@cert.org	http://www-01.ibm.com/support/docview.wss?uid=swg21605626
cret@cert.org	http://www.kb.cert.org/vuls/id/659791	US Government Resource
cret@cert.org	http://www.securityfocus.com/bid/54486
cret@cert.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/76798
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/84014
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49897
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21605626
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/659791	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/54486
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/76798

Impacted products

Vendor	Product	Version
ibm	proventia_network_mail_security_system_firmware	2.5
ibm	proventia_network_mail_security_system_firmware	2.5.0.2
ibm	proventia_network_mail_security_system_firmware	2.5.1
ibm	proventia_network_mail_security_system_firmware	2.6
ibm	proventia_network_mail_security_system_firmware	2.8
ibm	proventia_network_mail_security_system	*
ibm	proventia_network_mail_security_system	ms3004
ibm	lotus_protector_for_mail_security	2.1
ibm	lotus_protector_for_mail_security	2.5
ibm	lotus_protector_for_mail_security	2.5.1
ibm	lotus_protector_for_mail_security	2.8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B13DDF-DCD6-4C10-B533-0C25FE966007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99B0275-98EE-48EA-B454-E13EC6521F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBC5F27-E6F2-4B18-AEC5-3032207FAD25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0D45AC4-6028-44DB-BFC6-24D105FBB2C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1090D84-2202-47C5-97F5-781543BB74BC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:ibm:proventia_network_mail_security_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FE2B207-9C49-4107-9109-A6E9D1D610C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:ibm:proventia_network_mail_security_system:ms3004:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C5ABA88-890A-41E7-9651-624FBE1D1068",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31F356BD-5E3C-4426-B315-86F681E2F6A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "068537DC-785E-45E2-9B04-245621B48BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCE408A-BD6C-4D2C-8F37-132394729729",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9277E17-F3EC-4E8B-B4E0-629966D7EB89",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la interfaz de usuario administrativo de IBM Lotus Protector for Mail Security v2.1, v2.5, v2.5.1 y v2.8 e IBM ISS Proventia Network Mail Security System permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la cadena de consulta."
    }
  ],
  "id": "CVE-2012-2955",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-07-20T10:40:37.000",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://osvdb.org/84014"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/49897"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21605626"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/659791"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/bid/54486"
    },
    {
      "source": "cret@cert.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/84014"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21605626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/659791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/54486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76798"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-2955 (GCVE-0-2012-2955)

Vulnerability from cvelistv5 – Published: 2012-07-20 10:00 – Updated: 2024-08-06 19:50

Summary

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

Tags

	http://osvdb.org/84014	vdb-entryx_refsource_OSVDB
	http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/659791	third-party-advisoryx_refsource_CERT-VN
	http://secunia.com/advisories/49897	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/54486	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:50:05.312Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "84014",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/84014"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21605626"
          },
          {
            "name": "VU#659791",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/659791"
          },
          {
            "name": "49897",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49897"
          },
          {
            "name": "54486",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/54486"
          },
          {
            "name": "lotus-protector-xss(76798)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76798"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-07-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-21T17:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "84014",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/84014"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21605626"
        },
        {
          "name": "VU#659791",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/659791"
        },
        {
          "name": "49897",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49897"
        },
        {
          "name": "54486",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/54486"
        },
        {
          "name": "lotus-protector-xss(76798)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76798"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2012-2955",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "84014",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/84014"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21605626",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21605626"
            },
            {
              "name": "VU#659791",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/659791"
            },
            {
              "name": "49897",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49897"
            },
            {
              "name": "54486",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/54486"
            },
            {
              "name": "lotus-protector-xss(76798)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76798"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2012-2955",
    "datePublished": "2012-07-20T10:00:00",
    "dateReserved": "2012-05-30T00:00:00",
    "dateUpdated": "2024-08-06T19:50:05.312Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2012-2955

CVE-2012-2955 (GCVE-0-2012-2955)

Tags

Sightings

Nomenclature