Описание
IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:spss_modeler:14.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spss_modeler:14.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spss_modeler:14.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spss_modeler:14.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spss_modeler:14.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spss_modeler:14.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spss_modeler:14.2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spss_modeler:14.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spss_modeler:14.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spss_modeler:14.2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spss_modeler:15.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:spss_modeler:15.0.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00616
Низкий
5.8 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
EPSS
Процентиль: 69%
0.00616
Низкий
5.8 Medium
CVSS2
Дефекты
NVD-CWE-Other