Unrated severityNVD Advisory· Published Jun 22, 2012· Updated Apr 29, 2026

CVE-2012-2171

Description

SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.

Affected products

IBM/Ds Storage Manager Host Software3 versions
cpe:2.3:a:ibm:ds_storage_manager_host_software:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ibm:ds_storage_manager_host_software:*:*:*:*:*:*:*:*range: <=10.83
- cpe:2.3:a:ibm:ds_storage_manager_host_software:10.8:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:ds_storage_manager_host_software:10.60.x5.14:*:*:*:*:*:*:*
IBM/Ds41002 versions
cpe:2.3:h:ibm:ds4100:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:h:ibm:ds4100:*:*:*:*:*:*:*:*
- cpe:2.3:h:ibm:ds4100:1724:*:*:*:*:*:*:*
IBM/Ds4200
cpe:2.3:h:ibm:ds4200:1814:*:*:*:*:*:*:*
IBM/Ds4300
cpe:2.3:h:ibm:ds4300:1722:*:*:*:*:*:*:*
IBM/Ds4400
cpe:2.3:h:ibm:ds4400:1742:*:*:*:*:*:*:*
IBM/Ds4500
cpe:2.3:h:ibm:ds4500:1742:*:*:*:*:*:*:*
IBM/Ds4700
cpe:2.3:h:ibm:ds4700:1814:*:*:*:*:*:*:*
IBM/Ds4800
cpe:2.3:h:ibm:ds4800:1815:*:*:*:*:*:*:*
IBM/System Storage Dcs3700 Storage Subsystem
cpe:2.3:h:ibm:system_storage_dcs3700_storage_subsystem:1818:*:*:*:*:*:*:*
IBM/System Storage Ds3200
cpe:2.3:h:ibm:system_storage_ds3200:1726:*:*:*:*:*:*:*
IBM/System Storage Ds3300
cpe:2.3:h:ibm:system_storage_ds3300:1726:*:*:*:*:*:*:*
IBM/System Storage Ds3400
cpe:2.3:h:ibm:system_storage_ds3400:1726:*:*:*:*:*:*:*
IBM/System Storage Ds3512
cpe:2.3:h:ibm:system_storage_ds3512:1746:*:*:*:*:*:*:*
IBM/System Storage Ds3524
cpe:2.3:h:ibm:system_storage_ds3524:1746:*:*:*:*:*:*:*
IBM/System Storage Ds3950 Express
cpe:2.3:h:ibm:system_storage_ds3950_express:1814:*:*:*:*:*:*:*
IBM/System Storage Ds5020 Disk Controller
cpe:2.3:h:ibm:system_storage_ds5020_disk_controller:1814-20a:*:*:*:*:*:*:*
IBM/System Storage Ds5100 Storage Controller
cpe:2.3:h:ibm:system_storage_ds5100_storage_controller:1818:*:*:*:*:*:*:*
IBM/System Storage Ds5300 Storage Controller
cpe:2.3:h:ibm:system_storage_ds5300_storage_controller:1818:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000