XML External Entity Vulnerability in IBM SPSS Collaboration and Deployment Services
CVE-2013-4069

Currently unrated

Key Information:

Vendor: IBM
Status: Spss Collaboration And Deployment Services
Vendor: CVE Published:; 21 December 2013

Summary

The Portal application in IBM SPSS Collaboration and Deployment Services versions prior to 4.2.1.3 IF3 and 5.0 before FP3 is prone to XML External Entity (XXE) vulnerabilities, which allow remote attackers to read arbitrary files on the server. This security flaw results from improper handling of XML input, leading to a scenario where an external XML entity can be declared and referenced. Exploitation of this vulnerability could lead to exposure of sensitive information and pose a significant security risk to affected systems.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21660191

x_refsource_CONFIRM

http://www-01.ibm.com/support/docview.wss?uid=swg1PM95817

vendor-advisoryx_refsource_AIXAPAR

https://exchange.xforce.ibmcloud.com/vulnerabilities/86621

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Dec 21, 2013
Vulnerability Reserved
Jun 7, 2013