Vulnerability Details CVE-2012-5769
IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.7%
CVSS Severity
CVSS v2 Score 5.8
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM79454
- http://www-01.ibm.com/support/docview.wss?uid=swg21620758
- http://www-01.ibm.com/support/docview.wss?uid=swg24034122
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80316
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM79454
- http://www-01.ibm.com/support/docview.wss?uid=swg21620758
- http://www-01.ibm.com/support/docview.wss?uid=swg24034122
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80316
Products affected by CVE-2012-5769
-
cpe:2.3:a:ibm:spss_modeler:14.0.0.0
-
cpe:2.3:a:ibm:spss_modeler:14.0.0.1
-
cpe:2.3:a:ibm:spss_modeler:14.0.0.2
-
cpe:2.3:a:ibm:spss_modeler:14.1.0.0
-
cpe:2.3:a:ibm:spss_modeler:14.1.0.1
-
cpe:2.3:a:ibm:spss_modeler:14.1.0.2
-
cpe:2.3:a:ibm:spss_modeler:14.2.0.0
-
cpe:2.3:a:ibm:spss_modeler:14.2.0.1
-
cpe:2.3:a:ibm:spss_modeler:14.2.0.2
-
cpe:2.3:a:ibm:spss_modeler:14.2.0.3
-
cpe:2.3:a:ibm:spss_modeler:15.0.0.0
-
cpe:2.3:a:ibm:spss_modeler:15.0.0.1