Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9821F7438C8BB79003B8C58755D8D6E48EE95DCC3C26B91E8A89B4B8BED1407E
HistoryJun 16, 2018 - 1:31 p.m.

Security Bulletin: Multiple vulnerabilities in IBM SPSS Modeler (CVE-2013-6739, CVE-2013-5372, CVE-2013-5825)

2018-06-1613:31:40
www.ibm.com
12

EPSS

0.094

Percentile

94.7%

JSON

Summary

Vulnerabilities have been identified in IBM SPSS Modeler which make the product vulnerable to an incorrect Single Sign On being accepted on UNIX and a denial of service attack triggered by a malicious XML data.

Vulnerability Details

VULNERABILITY DETAILS:

CVEID: CVE-2013-6739

DESCRIPTION: Prior to Modeler 16 Single Sign On is only supported on the Windows platform; an issue has been discovered where the server on UNIX platforms is allowing a user to connect to the server and run a session with an SSO token.

CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/89855&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N)

CVE ID: CVE-2013-5372

DESCRIPTION: If an attacker makes a victim open a specially crafted XML document, it could be possible to conduct denial of service attacks using IBM SPSS Modeler installed on the victimโ€™s system.

CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/86662&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVE ID: CVE-2013-5825

DESCRIPTION: If an attacker makes a victim open a specially crafted XML document, it could be possible to conduct denial of service attacks using IBM SPSS Modeler installed on the victimโ€™s system.

SS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/87988&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/N:A/P)

ACKNOWLEDGEMENT
None

Affected Products and Versions

Versions 14 through 15.0 of IBM SPSS Modeler running on all supported platforms are affected.

Remediation/Fixes

Remediation: The recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available.

Fix:
For IBM SPSS Modeler:

For version 14.2:
- Apply the Interim Fix

For version 15:
- Apply the Interim Fix

For version 16:
- Apply the Interim Fix

Workarounds and Mitigations

Workaround(s):
None; apply fixes.

Mitigation(s):
Single Sign on configuration requires Modeler Client to authenticate with the IBM SPSS Collaboration and Deployment Services platform in the connection process before it can connect to Modeler Server.

Related

ibm 30
nvd 3
cvelist 3
prion 3
cve 3
veracode 17
ubuntucve 1
f5 2
openvas 30
nessus 44
redhat 9
suse 5
aix 1
mageia 2
oraclelinux 3
centos 3
amazon 2
ubuntu 2
kaspersky 1
securityvulns 1
oracle 1
gentoo 2
osv 1
ibm
ibm
Security Bulletin:Tivoli Multiple vulnerabilities in Tivoli Business Service Manager (CVE-2013-5802,CVE-2013-5825,CVE-2013-5372)
2018-06-17 14:31:27
Security Bulletin: Java Vulnerability in Rational Automation Framework (CVE-2013-4002, CVE-2013-5825, CVE-2013-5372)
2018-06-17 04:51:43
Security Bulletin:Tivoli Multiple vulnerabilities in Netcool/Impact (CVE-2013-5802,,CVE-2013-5825,CVE-2013-5372)
2018-06-17 14:31:27
nvd
nvd
CVE-2013-6739
2018-04-27 16:29:00
CVE-2013-5372
2013-10-19 10:36:07
CVE-2013-5825
2013-10-16 17:55:05
cvelist
cvelist
CVE-2013-6739
2018-04-27 16:00:00
CVE-2013-5372
2013-10-19 10:00:00
CVE-2013-5825
2013-10-16 17:31:00
prion
prion
Security feature bypass
2018-04-27 16:29:00
Code injection
2013-10-19 10:36:00
Design/Logic Flaw
2013-10-16 17:55:00
cve
cve
CVE-2013-6739
2018-04-27 16:29:00
CVE-2013-5372
2013-10-19 10:36:07
CVE-2013-5825
2013-10-16 17:55:05
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:54:23
Sandbox Restrictions Bypass
2019-05-02 04:58:36
Sandbox Restrictions Bypass
2019-05-02 04:58:36
ubuntucve
ubuntucve
CVE-2013-5825
2013-10-16 00:00:00
f5
f5
K48802597 : Java vulnerabilities CVE-2013-5825 and CVE-2013-5830
2016-06-09 00:00:00
SOL48802597 - Java vulnerabilities CVE-2013-5825 and CVE-2013-5830
2016-06-09 00:00:00
openvas
openvas
F5 BIG-IP - Java vulnerabilities CVE-2013-5825 and CVE-2013-5830
2016-06-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:1669-1)
2021-06-09 00:00:00
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 (Oct 2013) - Windows
2013-10-25 00:00:00
nessus
nessus
F5 Networks BIG-IP : Java vulnerabilities (K48802597)
2016-06-10 00:00:00
IBM WebSphere Application Server 8.0 < Fix Pack 8 Multiple Vulnerabilities
2014-01-20 00:00:00
SUSE SLES10 Security Update : IBM Java 5 (SUSE-SU-2013:1669-1)
2015-05-20 00:00:00
redhat
redhat
(RHSA-2013:1509) Important: java-1.5.0-ibm security update
2013-11-07 00:00:00
(RHSA-2013:1508) Critical: java-1.6.0-ibm security update
2013-11-07 00:00:00
(RHSA-2013:1793) Low: Red Hat Network Satellite server IBM Java Runtime security update
2013-12-05 00:00:00
suse
suse
Security update for IBM Java 5 (important)
2013-11-14 16:04:15
Security update for IBM Java 7 (important)
2013-11-22 08:04:19
Security update for Java 6 (important)
2013-11-19 00:04:12
aix
aix
Multiple Java vulnerabilities
2013-12-11 10:53:34
mageia
mageia
Updated java-1.6.0-openjdk package fixes multiple vulnerabilities
2013-11-13 23:05:43
Updated java-1.7.0-openjdk package fixes security vulnerabilities
2013-11-13 23:03:04
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-11-05 00:00:00
java-1.7.0-openjdk security update
2013-10-21 00:00:00
java-1.7.0-openjdk security update
2013-10-22 00:00:00
centos
centos
java security update
2013-11-05 20:45:16
java security update
2013-10-23 11:04:05
java security update
2013-10-22 07:41:01
amazon
amazon
Important: java-1.6.0-openjdk
2013-11-05 13:35:00
Critical: java-1.7.0-openjdk
2013-10-23 15:22:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2013-11-21 00:00:00
OpenJDK 7 vulnerabilities
2014-01-23 00:00:00
kaspersky
kaspersky
KLA10492 Multiple vulnerabilities in Oracle products
2013-10-16 00:00:00
securityvulns
securityvulns
Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities
2013-12-09 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2013
2013-10-15 00:00:00
gentoo
gentoo
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00
osv
osv
java-1_7_0-openjdk-1.7.0.121-1.1 on GA media
2024-06-15 00:00:00

EPSS

0.094

Percentile

94.7%

JSON
Related for 9821F7438C8BB79003B8C58755D8D6E48EE95DCC3C26B91E8A89B4B8BED1407E
ibm30nvd3cvelist3prion3cve3veracode17ubuntucve1f52openvas30nessus44redhat9suse5aix1mageia2oraclelinux3centos3amazon2ubuntu2kaspersky1securityvulns1oracle1gentoo2osv1