Lucene search
IBM72187D0DAF7FCDF2AFD9B78966A88D98AD36FB8D6D07FBD58271C1257D19A0A6HistoryJun 16, 2018 - 1:14 p.m.
Security Bulletin: Unauthenticated arbitrary file disclosure in IBM SPSS Collaboration and Deployment Services (CVE-2013-4043)
2018-06-1613:14:46
www.ibm.com
7
0.003 Low
EPSS
Percentile
69.1%
Summary
A remote, unauthenticated attacker can send a HTTP request to retrieve the content of any file on the IBM SPSS Collaboration and Deployment Service server.
Vulnerability Details
CVEID:_CVE-2013-4043 _
DESCRIPTION:
A remote, unauthenticated attacker can send a HTTP request to retrieve the content of any file on the IBM SPSS Collaboration and Deployment Service server . All users of Collaboration and Deployment Services are vulnerable.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/86419 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Affected Products and Versions
Collaboration and Deployment Services, version 6.0 and earlier.
Remediation/Fixes
| Product | VRMF | APAR | Fix |
|---|---|---|---|
| Collaboration and Deployment Services | 6.0.0.0 | PI07828 | 6.0 Intermediate Fix 1 |
| Collaboration and Deployment Services | 5.0.0.0 | PI07828 | 5.0 FP3 |
| Collaboration and Deployment Services | 4.2.1 | PI07828 | 4.2.1.3 Intermediate Fix 3 |
Workarounds and Mitigations
None
Related
cve
cve
CVE-2013-4043
2014-02-01 15:55:04
nvd
nvd
CVE-2013-4043
2014-02-01 15:55:04
prion
prion
Cross site request forgery (csrf)
2014-02-01 15:55:00
cvelist
cvelist
CVE-2013-4043
2014-02-01 15:00:00
0.003 Low
EPSS
Percentile
69.1%
Related for 72187D0DAF7FCDF2AFD9B78966A88D98AD36FB8D6D07FBD58271C1257D19A0A6