Lucene search

IbmCVELIST:CVE-2020-4717

HistoryMar 10, 2021 - 3:05 p.m.

CVE-2020-4717

2021-03-1015:05:29

ibm

www.cve.org

ibm

spss

modeler

vulnerability

installation

arbitrary file

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

AI Score

5.4

Confidence

High

EPSS

Percentile

12.6%

JSON

A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create symbolic link permission to write arbitrary file in another protected path during product installation. IBM X-Force ID: 187727.

CNA Affected

[
  {
    "product": "SPSS Modeler",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "Subscription"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/187727

www.ibm.com/support/pages/node/6427901

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

AI Score

5.4

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2020-4717