Lucene search
CertccCVE-2012-2955HistoryJul 20, 2012 - 10:40 a.m.
CVE-2012-2955
2012-07-2010:40:37
CWE-79
certcc
web.nvd.nist.gov
25
ibm
lotus protector
mail security
xss
vulnerability
ibm iss proventia
network mail security system
nvd
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.8
Confidence
High
EPSS
0.003
Percentile
69.9%
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string.
Affected configurations
Node
ibmproventia_network_mail_security_system_firmwareMatch2.5
ORibmproventia_network_mail_security_system_firmwareMatch2.5.0.2
ORibmproventia_network_mail_security_system_firmwareMatch2.5.1
ORibmproventia_network_mail_security_system_firmwareMatch2.6
ORibmproventia_network_mail_security_system_firmwareMatch2.8
ibmproventia_network_mail_security_system
ORibmproventia_network_mail_security_systemMatchms3004
Node
ibmlotus_protector_for_mail_securityMatch2.1
ORibmlotus_protector_for_mail_securityMatch2.5
ORibmlotus_protector_for_mail_securityMatch2.5.1
ORibmlotus_protector_for_mail_securityMatch2.8
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | proventia_network_mail_security_system_firmware | 2.5 | cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5:*:*:*:*:*:*:* |
| ibm | proventia_network_mail_security_system_firmware | 2.5.0.2 | cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5.0.2:*:*:*:*:*:*:* |
| ibm | proventia_network_mail_security_system_firmware | 2.5.1 | cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.5.1:*:*:*:*:*:*:* |
| ibm | proventia_network_mail_security_system_firmware | 2.6 | cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.6:*:*:*:*:*:*:* |
| ibm | proventia_network_mail_security_system_firmware | 2.8 | cpe:2.3:o:ibm:proventia_network_mail_security_system_firmware:2.8:*:*:*:*:*:*:* |
| ibm | proventia_network_mail_security_system | * | cpe:2.3:h:ibm:proventia_network_mail_security_system:*:*:*:*:*:*:*:* |
| ibm | proventia_network_mail_security_system | ms3004 | cpe:2.3:h:ibm:proventia_network_mail_security_system:ms3004:*:*:*:*:*:*:* |
| ibm | lotus_protector_for_mail_security | 2.1 | cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.1:*:*:*:*:*:*:* |
| ibm | lotus_protector_for_mail_security | 2.5 | cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.5:*:*:*:*:*:*:* |
| ibm | lotus_protector_for_mail_security | 2.5.1 | cpe:2.3:a:ibm:lotus_protector_for_mail_security:2.5.1:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2012-2955
2012-07-20 10:00:00
prion
prion
Cross site scripting
2012-07-20 10:40:00
nvd
nvd
CVE-2012-2955
2012-07-20 10:40:37
cert
cert
IBM ISS Proventia Mail Security contains multiple vulnerabilities
2012-07-25 00:00:00
exploitdb
exploitdb
IBM Proventia Network Mail Security System 2.5 - POST File Read
2012-08-08 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.8
Confidence
High
EPSS
0.003
Percentile
69.9%
Related for CVE-2012-2955