CVE-2012-5769

Sažetak

IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg1PM79454
http://www-01.ibm.com/support/docview.wss?uid=swg21620758
http://www-01.ibm.com/support/docview.wss?uid=swg24034122
https://exchange.xforce.ibmcloud.com/vulnerabilities/80316

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:P

Zadnje važnije ažuriranje

29-08-2017 - 01:32

Objavljeno

01-01-2013 - 12:35