9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.972 High
EPSS
Percentile
99.8%
Apache Commons Text is used by IBM SPSS Modeler as part of the spark function. This vulnerability is addressed. [CVE-2022-42889]
CVEID:CVE-2022-42889
**DESCRIPTION:**Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/238560 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
IBM SPSS Modeler|**Version(s)
**
—|—
IBM SPSS Modeler Client| 18.3
IBM SPSS Modeler Server
IBM SPSS Modeler Solution Publisher
IBM SPSS Modeler Collaboration and Deployment Services Adapter
IBM SPSS Modeler Client| 18.4
IBM SPSS Modeler Server
IBM SPSS Modeler Solution Publisher
IBM SPSS Modeler Collaboration and Deployment Services Adapter
IBM strongly recommends addressing the vulnerability now.
Product(s)|**Version(s)
**|**Fix Download link
**
—|—|—
IBM SPSS Modeler| 18.3| 18.3.0.0-IM-S18MODELER-IF018
IBM SPSS Modeler| 18.4| 18.4.0.0-IM-S18MODELER-IF006
N/A
CPE | Name | Operator | Version |
---|---|---|---|
spss modeler | eq | 18.3 | |
spss modeler | eq | 18.4 |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.972 High
EPSS
Percentile
99.8%