Skip to main content

Tivoli Monitoring CVE-2012-3297

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2012-12-08 psirt@us.ibm.com
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 08, 2012 - 15:55 cve.org
MEDIUM 4.3

DescriptionCVE.org

Cross-site scripting (XSS) vulnerability in the embedded HTTP server in the Service Console in IBM Tivoli Monitoring 6.2.2 before 6.2.2-TIV-ITM-FP0009 and 6.3.2 before 6.2.3-TIV-ITM-FP0001 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.

AnalysisAI

Cross-site scripting (XSS) vulnerability in the embedded HTTP server in the Service Console in IBM Tivoli Monitoring 6.2.2 before 6.2.2-TIV-ITM-FP0009 and 6.3.2 before 6.2.3-TIV-ITM-FP0001 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in the embedded HTTP server in the Service Console in IBM Tivoli Monitoring 6.2.2 before 6.2.2-TIV-ITM-FP0009 and 6.3.2 before 6.2.3-TIV-ITM-FP0001 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Affected products include: Ibm Tivoli Monitoring. Version information: before 6.2.2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2012-4823 CRITICAL
9.3 Jan 11

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 an

CVE-2017-1635 HIGH
8.0 Dec 13

IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-

CVE-2012-4822 CRITICAL
9.3 Jan 11

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Jav

CVE-2012-4820 CRITICAL
9.3 Jan 11

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 an

CVE-2012-4821 CRITICAL
9.3 Jan 11

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Jav

CVE-2015-7411 CRITICAL
9.9 Mar 12

The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remo

CVE-2015-5003 HIGH
8.5 Jan 03

The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authe

CVE-2014-6141 HIGH
8.5 Feb 02

IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 be

CVE-2017-1182 HIGH
7.5 Jul 17

IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the sys

CVE-2016-2946 HIGH
7.8 Dec 01

Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2

CVE-2017-1183 HIGH
7.5 Jul 17

IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Ser

CVE-2017-1181 HIGH
7.0 Jul 17

IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitorin

Share

CVE-2012-3297 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy