CVE-2013-4069 — Sensitive Information Exposure in IBM Spss Collaboration AND Deployment Services

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 43.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Spss Collaboration AND Deployment Services

Timeline

PublishedDec 21

Latest updateMay 17

Description

The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/spss_collaboration_and_deployment_services7 versions+6

🔴Vulnerability Details

GHSA

GHSA-xq67-qgfc-92jg: The Portal application in IBM SPSS Collaboration and Deployment Services 4↗2022-05-17

▶

CVEList

CVE-2013-4069: The Portal application in IBM SPSS Collaboration and Deployment Services 4↗2013-12-21

▶