ID

VAR-201009-0012


CVE

CVE-2010-0152


TITLE

Cross-site scripting vulnerabilities in the IBM PNMSS appliance LMI

Trust: 0.8

sources: JVNDB: JVNDB-2010-002928

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via:

(1) the date1 parameter to pvm_messagestore.php
(2) the userfilter parameter to pvm_user_management.php
(3) the ping parameter to sys_tools.php in a sys_ping.php action
(4) the action parameter to pvm_cert_commaction.php
(5) the action parameter to pvm_cert_serveraction.php
(6) the action parameter to pvm_smtpstore.php
(7) the l parameter to sla/index.php
(8) unspecified stored data

They also allow remote authenticated users to inject arbitrary web script or HTML via (9) saved search filters.

The Local Management Interface is a set of enhancements to the basic Frame Relay specification.

When exploited by an external or internal attacker, the identified vulnerabilities could lead to session hijacking, information disclosure, forced installation of a malicious file or Trojan on users' PCs, etc.

A persistent XSS vulnerability can be exploited by an external unauthenticated attacker to inject malicious scripting code, which is persistently stored. When the system is accessed by authorised users, such malicious code could be used to severely compromise the security of the appliance.

A persistent XSS vulnerability identified in saved search filters (Mail Security->Email Browser) allows an internal authenticated attacker to inject malicious scripting code.

Multiple reflected XSS vulnerabilities can be exploited by manipulating parameters of the pvm_messagestore.php resource.

url_placeholder/pvm_messagestore.php?msgid=&sender=&rcpt=&subject=&meta=&mailsize=&folder=allfolders&date1=<script>alert('xss')</script>&date2=&s=mails&favname=

Reflected XSS vulnerabilities can be exploited by manipulating parameters of the following resources:

* userfilter parameter of pvm_user_management.php resource.

url_placeholder/pvm_smtpstore.php?id=frozen&action="><script>alert("XSS")</script>

* l parameter of /sla/index.php resource

url_placeholder/sla/index.php?l="><script>alert(document.cookie)</script>

Affected Versions

IBM Proventia Network Mail Security System - virtual appliance (firmware 1.6)
IBM Proventia Network Mail Security System - virtual appliance (firmware 2.5)

Mitigation

Vendor recommends upgrading to PNMSS firmware 2.5.0.2 or later. Alternatively, please contact IBM for technical support.

Disclosure Timeline

2009, November 07: Vulnerabilities discovered and documented
2009, November 08: Notification sent to IBM
2009, November 09: IBM acknowledges receiving the report
2010, March: IBM releases PNMSS Firmware 2.5.0.2 correcting the reported issues
2010, September 12: MVSA-10-007 advisory published.

Credits

Dr. Marian Ventuneac http://ventuneac.net

Trust: 1.8

sources: NVD: CVE-2010-0152 // JVNDB: JVNDB-2010-002928 // VULHUB: VHN-42757 // PACKETSTORM: 93799

AFFECTED PRODUCTS

vendor: ibm, model: proventia network mail security system virtual appliance, scope: -, version: -

Trust: 1.4

vendor: ibm, model: proventia network mail security system virtual appliance, scope: eq, version: 1.6

Trust: 1.0

vendor: ibm, model: proventia network mail security system virtual appliance, scope: eq, version: 2.5

Trust: 1.0

vendor: ibm, model: proventia network mail security system virtual appliance, scope: eq, version: *

Trust: 1.0

vendor: ibm, model: proventia network mail security system virtual appliance, scope: lt, version: 2.5.0.2

Trust: 0.8

sources: JVNDB: JVNDB-2010-002928 // CNNVD: CNNVD-201009-112 // NVD: CVE-2010-0152

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0152
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-0152
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201009-112
value: MEDIUM

Trust: 0.6

VULHUB: VHN-42757
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-0152
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-42757
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-42757 // JVNDB: JVNDB-2010-002928 // CNNVD: CNNVD-201009-112 // NVD: CVE-2010-0152

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-42757 // JVNDB: JVNDB-2010-002928 // NVD: CVE-2010-0152

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201009-112

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201009-112

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002928

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-42757

PATCH

title: Proventia Network Mail Security System
url: http://www-935.ibm.com/services/us/en/it-services/proventia-network-mail-security-system.html

Trust: 0.8

sources: JVNDB: JVNDB-2010-002928

EXTERNAL IDS

db: NVD, id: CVE-2010-0152

Trust: 2.6

db: JVNDB, id: JVNDB-2010-002928

Trust: 0.8

db: CNNVD, id: CNNVD-201009-112

Trust: 0.7

db: BUGTRAQ, id: 20100912 MVSA-10-007 / CVE-2010-0152 - IBM PROVENTIA MAIL SECURITY SYSTEM - MULTIPLE PERSISTENT AND REFLECTED XSS VULNERABILITIES

Trust: 0.6

db: PACKETSTORM, id: 93799

Trust: 0.2

db: VULHUB, id: VHN-42757

Trust: 0.1

sources: VULHUB: VHN-42757 // JVNDB: JVNDB-2010-002928 // PACKETSTORM: 93799 // CNNVD: CNNVD-201009-112 // NVD: CVE-2010-0152

REFERENCES

url:http://www.ventuneac.net/security-advisories/mvsa-10-007

Trust: 1.8

url:http://www.securityfocus.com/archive/1/513629/100/0/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0152

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0152

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/513629/100/0/threaded

Trust: 0.6

url:http://ventuneac.net

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-0152

Trust: 0.1

sources: VULHUB: VHN-42757 // JVNDB: JVNDB-2010-002928 // PACKETSTORM: 93799 // CNNVD: CNNVD-201009-112 // NVD: CVE-2010-0152

CREDITS

Dr. Marian Ventuneac

Trust: 0.1

sources: PACKETSTORM: 93799

SOURCES

db: VULHUB, id: VHN-42757
db: JVNDB, id: JVNDB-2010-002928
db: PACKETSTORM, id: 93799
db: CNNVD, id: CNNVD-201009-112
db: NVD, id: CVE-2010-0152

LAST UPDATE DATE

2025-04-11T23:19:05.052000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-42757, date: 2018-10-10T00:00:00
db: JVNDB, id: JVNDB-2010-002928, date: 2012-03-27T00:00:00
db: CNNVD, id: CNNVD-201009-112, date: 2010-09-16T00:00:00
db: NVD, id: CVE-2010-0152, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-42757, date: 2010-09-14T00:00:00
db: JVNDB, id: JVNDB-2010-002928, date: 2012-03-27T00:00:00
db: PACKETSTORM, id: 93799, date: 2010-09-14T01:03:00
db: CNNVD, id: CNNVD-201009-112, date: 2010-09-16T00:00:00
db: NVD, id: CVE-2010-0152, date: 2010-09-14T17:00:01.337