Symbolic Link Vulnerability in IBM SPSS Modeler Subscription Installer
CVE-2020-4717

6.2MEDIUM

Key Information:

Vendor: IBM
Status: Spss Modeler
Vendor: CVE Published:; 10 March 2021

What is CVE-2020-4717?

A vulnerability exists in the IBM SPSS Modeler Subscription Installer that enables a user with create symbolic link permissions to write files to unauthorized locations during the installation process. This could potentially allow for the execution of malicious code or access to sensitive information, as the restricted paths could be exploited by malicious actors. For more details, refer to IBM's official documentation and vulnerability database.

Affected Version(s)

SPSS Modeler Subscription

References

https://www.ibm.com/support/pages/node/6427901

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/187727

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2021
Vulnerability Reserved
Dec 30, 2019