Vulnerability Name:

CVE-2012-2018 (CCN-76671)

Assigned:2012-07-02
Published:2012-07-02
Updated:2013-03-22
Summary:Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2012-2018

Source: HP
Type: Vendor Advisory
HPSBMU02783

Source: CCN
Type: HP Security Bulletin HPSBMU02783 SSRT100806
HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS)

Source: CCN
Type: SA49696
HP Network Node Manager i Cross-Site Scripting Vulnerability

Source: CCN
Type: SA49748
HP Network Node Manager i Cross-Site Scripting Vulnerability

Source: CCN
Type: OSVDB ID: 83527
HP Network Node Manager i Unspecified XSS (2012-2018)

Source: CCN
Type: BID-54261
HP Network Node Manager i CVE-2012-2018 Unspecified Cross Site Scripting vulnerability

Source: SECTRACK
Type: UNKNOWN
1027215

Source: XF
Type: UNKNOWN
nnmi-unspec-xss(76671)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:hp:network_node_manager_i:8.10:*:*:*:*:*:*:*
  • OR cpe:/a:hp:network_node_manager_i:8.11.002:*:*:*:*:*:*:*
  • OR cpe:/a:hp:network_node_manager_i:8.12.004:*:*:*:*:*:*:*
  • OR cpe:/a:hp:network_node_manager_i:8.13.005:*:*:*:*:*:*:*
  • OR cpe:/a:hp:network_node_manager_i:8.13.006:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/a:hp:network_node_manager_i:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:hp:network_node_manager_i:9.01:*:*:*:*:*:*:*
  • OR cpe:/a:hp:network_node_manager_i:9.02:*:*:*:*:*:*:*
  • OR cpe:/a:hp:network_node_manager_i:9.03:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/a:hp:network_node_manager_i:9.10:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:hp:network_node_manager:8.10:*:*:*:*:*:*:*
  • OR cpe:/a:hp:network_node_manager:8.11:*:*:*:*:*:*:*
  • OR cpe:/a:hp:network_node_manager_i:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:hp:network_node_manager_i:9.01:*:*:*:*:*:*:*
  • OR cpe:/a:hp:network_node_manager_i:9.02:*:*:*:*:*:*:*
  • OR cpe:/a:hp:network_node_manager_i:9.03:*:*:*:*:*:*:*
  • OR cpe:/a:hp:network_node_manager_i:9.10:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    hp network node manager i 8.10
    hp network node manager i 8.11.002
    hp network node manager i 8.12.004
    hp network node manager i 8.13.005
    hp network node manager i 8.13.006
    hp network node manager i 9.0
    hp network node manager i 9.01
    hp network node manager i 9.02
    hp network node manager i 9.03
    hp network node manager i 9.10
    hp network node manager 8.10
    hp network node manager 8.11
    hp network node manager i 9.0
    hp network node manager i 9.01
    hp network node manager i 9.02
    hp network node manager i 9.03
    hp network node manager i 9.10