CVE-2012-1062 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Manageengine	Applications Manager

Configuration 1 [-]

OR	cpe:2.3:a:manageengine:applications_manager:10.0:::::::*
	cpe:2.3:a:manageengine:applications_manager:10.1:::::::*
	cpe:2.3:a:manageengine:applications_manager:10.2:::::::*
	cpe:2.3:a:manageengine:applications_manager:10.3:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:manageengine:applications_manager:9:::::::*
	cpe:2.3:a:manageengine:applications_manager:9.1:::::::*
	cpe:2.3:a:manageengine:applications_manager:9.2:::::::*
	cpe:2.3:a:manageengine:applications_manager:9.3:::::::*
	cpe:2.3:a:manageengine:applications_manager:9.4:::::::*
	cpe:2.3:a:manageengine:applications_manager:9.5:::::::*

No data.

References

Link	Providers
http://osvdb.org/78721
http://osvdb.org/78722
http://packetstormsecurity.org/files/view/109238/VL-115.txt
http://secunia.com/advisories/47724
http://www.securityfocus.com/bid/51796
http://www.vulnerability-lab.com/get_content.php?id=115
https://exchange.xforce.ibmcloud.com/vulnerabilities/72830

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-02-14T00:00:00

Updated: 2024-08-06T18:45:27.266Z

Reserved: 2012-02-13T00:00:00

Link: CVE-2012-1062

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-02-14T00:55:01.507

Modified: 2024-11-21T01:36:19.667

Link: CVE-2012-1062

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-01-29T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "meapplicationsmanager-multiple-xss(72830)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72830"}, {"tags": ["x_refsource_MISC"], "url": "http://www.vulnerability-lab.com/get_content.php?id=115"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.org/files/view/109238/VL-115.txt"}, {"name": "78722", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/78722"}, {"name": "47724", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47724"}, {"name": "51796", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/51796"}, {"name": "78721", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/78721"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1062", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "meapplicationsmanager-multiple-xss(72830)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72830"}, {"name": "http://www.vulnerability-lab.com/get_content.php?id=115", "refsource": "MISC", "url": "http://www.vulnerability-lab.com/get_content.php?id=115"}, {"name": "http://packetstormsecurity.org/files/view/109238/VL-115.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/files/view/109238/VL-115.txt"}, {"name": "78722", "refsource": "OSVDB", "url": "http://osvdb.org/78722"}, {"name": "47724", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47724"}, {"name": "51796", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51796"}, {"name": "78721", "refsource": "OSVDB", "url": "http://osvdb.org/78721"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:45:27.266Z"}, "title": "CVE Program Container", "references": [{"name": "meapplicationsmanager-multiple-xss(72830)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72830"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.vulnerability-lab.com/get_content.php?id=115"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.org/files/view/109238/VL-115.txt"}, {"name": "78722", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/78722"}, {"name": "47724", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47724"}, {"name": "51796", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/51796"}, {"name": "78721", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/78721"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-1062", "datePublished": "2012-02-14T00:00:00", "dateReserved": "2012-02-13T00:00:00", "dateUpdated": "2024-08-06T18:45:27.266Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:manageengine:applications_manager:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "49E29074-F2FD-41CC-A6D0-6C8D4FEA1247", "vulnerable": true}, {"criteria": "cpe:2.3:a:manageengine:applications_manager:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "A988BE5D-C923-4C9C-AE58-175BD91A5435", "vulnerable": true}, {"criteria": "cpe:2.3:a:manageengine:applications_manager:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "19B623B5-561A-419E-BF64-0D7F783ED35B", "vulnerable": true}, {"criteria": "cpe:2.3:a:manageengine:applications_manager:10.3:*:*:*:*:*:*:*", "matchCriteriaId": "AA192D05-A1F4-4B01-9E10-5B996DE20516", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:manageengine:applications_manager:9:*:*:*:*:*:*:*", "matchCriteriaId": "EBB09D35-D8A2-4C06-ACC3-1A7453E972DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:manageengine:applications_manager:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "927040C8-9B49-4C2A-B712-2592DB10A375", "vulnerable": true}, {"criteria": "cpe:2.3:a:manageengine:applications_manager:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "6E9D7AE4-AD75-48FA-96F7-03ABD826C267", "vulnerable": true}, {"criteria": "cpe:2.3:a:manageengine:applications_manager:9.3:*:*:*:*:*:*:*", "matchCriteriaId": "983B7128-1ED3-4AAB-9CAC-DE90FA04912A", "vulnerable": true}, {"criteria": "cpe:2.3:a:manageengine:applications_manager:9.4:*:*:*:*:*:*:*", "matchCriteriaId": "6702B909-BCA1-42D2-A565-821068349177", "vulnerable": true}, {"criteria": "cpe:2.3:a:manageengine:applications_manager:9.5:*:*:*:*:*:*:*", "matchCriteriaId": "CCB1BA82-CAEB-424A-9AFF-AE5E4CC8019F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en ManageEngine Applications Manager v9.x y v10.x permite a atacantes remotos inyectar c\u00f3digo script web o HTML a trav\u00e9s de (1) el par\u00e1metro period en showHistoryData.do; (2) selectedNetwork, (3) network, o (4) el par\u00e1metro group en showresource.do; (5) el par\u00e1metro header en AlarmView.do; o (6) el par\u00e1metro attName en jsp/PopUp_Graph.jsp. NOTA: el vector Search.do/query est\u00e1 tambi\u00e9n cubierto por CVE-2008-1566, y el vector jsp/ThresholdActionConfiguration.jsp redirectto est\u00e1 tambi\u00e9n cubierto por CVE-2008-0474."}], "id": "CVE-2012-1062", "lastModified": "2024-11-21T01:36:19.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-02-14T00:55:01.507", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/78721"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/78722"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/files/view/109238/VL-115.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47724"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/51796"}, {"source": "cve@mitre.org", "url": "http://www.vulnerability-lab.com/get_content.php?id=115"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72830"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/78721"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/78722"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/files/view/109238/VL-115.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47724"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/51796"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vulnerability-lab.com/get_content.php?id=115"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72830"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}