Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMCEE5BD6F4A639681008566ECED7E612811651EAB77298696B6A029BD49D95B58
HistoryMar 10, 2021 - 2:46 a.m.

Security Bulletin: Symbolic Link Permissions Problem Modeler Subscription Installer

2021-03-1002:46:05
www.ibm.com
8

0.0004 Low

EPSS

Percentile

12.7%

JSON

Summary

A security vulnerability in Modeler subscription installer on Windows platform has been remediated. The installer is used from msi and script to install the product.

Vulnerability Details

CVEID:CVE-2020-4717
**DESCRIPTION:**A vulnerability exists in IBM SPSS Modeler Subscription Installer that allows a user with create symbolic link permission to write arbitrary file in another protected path during product installation.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/187727 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
SPSS Modeler Subscription

Remediation/Fixes

Upgrade to SPSS Modeler Subscription 2021-March update.

Workarounds and Mitigations

None

Related

nvd 1
cve 1
prion 1
cvelist 1
nvd
nvd
CVE-2020-4717
2021-03-10 15:15:12
cve
cve
CVE-2020-4717
2021-03-10 15:15:12
prion
prion
Design/Logic Flaw
2021-03-10 15:15:00
cvelist
cvelist
CVE-2020-4717
2021-03-09 00:00:00

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for CEE5BD6F4A639681008566ECED7E612811651EAB77298696B6A029BD49D95B58
nvd1cve1prion1cvelist1