CVE-2012-3296: XSS
First published: Fri Aug 17 2012(Updated: )
Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Power Hardware Management Console Firmware | =7r7.1.0 | |
| IBM Power Hardware Management Console Firmware | =7r7.1.0-sp0 | |
| IBM Power Hardware Management Console Firmware | =7r7.1.0-sp1 | |
| IBM Power Hardware Management Console Firmware | =7r7.1.0-sp2 | |
| IBM Power Hardware Management Console Firmware | =7r7.1.0-sp3 | |
| IBM Power Hardware Management Console Firmware | =7r7.2.0 | |
| IBM Power Hardware Management Console Firmware | =7r7.2.0-sp0 | |
| IBM Power Hardware Management Console Firmware | =7r7.2.0-sp1 | |
| IBM Power Hardware Management Console Firmware | =7r7.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/50376
- http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617
- http://www.ibm.com/support/docview.wss?uid=isg1MB03488
- http://www.ibm.com/support/docview.wss?uid=isg1MB03489
- http://www.ibm.com/support/docview.wss?uid=isg1MB03494
- http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253
- http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257
- http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258
- http://www.securitytracker.com/id?1027433
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77288
Frequently Asked Questions
What is the severity of CVE-2012-3296?
CVE-2012-3296 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2012-3296?
To fix CVE-2012-3296, upgrade your IBM Power Hardware Management Console to version 7R7.1.0 SP4 or higher, 7R7.2.0 SP2 or higher, or 7R7.3.0.
Who is affected by CVE-2012-3296?
CVE-2012-3296 affects IBM Power Hardware Management Console versions 7R7.1.0, 7R7.2.0, and 7R7.3.0, specifically before their respective service packs.
What type of attack can be executed using CVE-2012-3296?
CVE-2012-3296 can allow remote attackers to perform cross-site scripting (XSS) attacks by injecting arbitrary web scripts or HTML.
What is the initial release date of CVE-2012-3296?
CVE-2012-3296 was initially published on July 9, 2012.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm power hardware management console firmware
- version/ibm power hardware management console firmware/7r7.1.0
- version/ibm power hardware management console firmware/7r7.1.0-sp0
- version/ibm power hardware management console firmware/7r7.1.0-sp1
- version/ibm power hardware management console firmware/7r7.1.0-sp2
- version/ibm power hardware management console firmware/7r7.1.0-sp3
- version/ibm power hardware management console firmware/7r7.2.0
- version/ibm power hardware management console firmware/7r7.2.0-sp0
- version/ibm power hardware management console firmware/7r7.2.0-sp1
- version/ibm power hardware management console firmware/7r7.3.0