Remote File Access Vulnerability in IBM SPSS Modeler Software
CVE-2012-5769

Currently unrated

Key Information:

Vendor: IBM
Status: Spss Modeler
Vendor: CVE Published:; 1 January 2013

Summary

IBM SPSS Modeler versions 14.0, 14.1, and 14.2 (through FP3), along with 15.0 (before FP2) are susceptible to an XML external entity declaration vulnerability. This flaw allows remote attackers to leverage the application's XML parsing capabilities to read arbitrary files on the server. Additionally, it can enable attackers to issue HTTP requests to internal network servers or potentially trigger denial of service conditions by consuming excessive CPU and memory resources.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/80316

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1PM79454

vendor-advisoryx_refsource_AIXAPAR

http://www-01.ibm.com/support/docview.wss?uid=swg21620758

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 1, 2013
Vulnerability Reserved
Nov 2, 2012