CVE-2013-4069: Infoleak
First published: Sat Dec 21 2013(Updated: )
The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM SPSS Collaboration and Deployment Services | =4.2.1 | |
| IBM SPSS Collaboration and Deployment Services | =4.2.1.1 | |
| IBM SPSS Collaboration and Deployment Services | =4.2.1.2 | |
| IBM SPSS Collaboration and Deployment Services | =4.2.1.3 | |
| IBM SPSS Collaboration and Deployment Services | =5.0.0 | |
| IBM SPSS Collaboration and Deployment Services | =5.0.0.1 | |
| IBM SPSS Collaboration and Deployment Services | =5.0.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/type
- agent/tags
- agent/description
- agent/event
- vendor/ibm
- canonical/ibm spss collaboration and deployment services
- version/ibm spss collaboration and deployment services/4.2.1
- version/ibm spss collaboration and deployment services/4.2.1.1
- version/ibm spss collaboration and deployment services/4.2.1.2
- version/ibm spss collaboration and deployment services/4.2.1.3
- version/ibm spss collaboration and deployment services/5.0.0
- version/ibm spss collaboration and deployment services/5.0.0.1
- version/ibm spss collaboration and deployment services/5.0.0.2