A security vulnerability in Modeler subscription installer on Windows platform has been remediated. The installer is used from msi and script to install the product.
CVEID:CVE-2020-4717
**DESCRIPTION:**A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create symbolic link permission to write arbitrary file in another protected path during product installation.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/187727 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
SPSS Modeler | Subscription |
Upgrade to SPSS Modeler Subscription 2021-March update.
None