71 matches found
IBM SPSS Analytic Server Cross-Site Scripting Vulnerability
IBM SPSS Analytic Server is a suite of IBM engines for predictive analytics of big data from IBM in the United States, which generates predictions and recommendations in big data to achieve optimal performance on a wide range of large amounts of data. A cross-site scripting vulnerability exists i...
Security Bulletin: IBM® SPSS Analytic Server is vulnerable to Cross-Site Scripting (CVE-2018-1772)
Summary IBM SPSS Analytic Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability Details CVEID:...
Security Bulletin: Potential MITM attack in Apache CXF used by IBM® WebSphere™ Application Server Liberty affects IBM® SPSS Analytic Server (CVE-2018-8039)
Summary There is a potential man-in-the-middle attack in Apache CXF used by IBM WebSphere Application Server Liberty that affects SPSS Analytic Server. Vulnerability Details CVEID: CVE-2018-8039 DESCRIPTION: Apache CXF could allow a remote attacker to conduct a man-in-the-middle attack. The TLS...
Security Bulletin: Vulnerability in IBM® Java SDK affects IBM SPSS Analytic Server (CVE-2018-2602, CVE-2018-2634)
Summary An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors, and could cause low confidentiality impact, low integrity impact, and low availability...
Security Bulletin: Security vulnerability in Apache Commons FileUpload used by WebSphere Application Server affects IBM SPSS Analytic Server (CVE-2016-1000031)
Summary The Apache Commons FileUpload that is used by IBM® WebSphere™ Application Server affects IBM SPSS Analytic Server. The potential threat could allow a remote attacker to execute arbitrary code on the system. The fix for this issue requires an update to the Websphere application server...
Security Bulletin: Vulnerability in IBM® Java SDK affects IBM SPSS Analytic Server (CVE-2017-10356, CVE-2017-10388)
Summary An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Libraries component could allow an unauthenticated attacker to take control of the system. Vulnerability Details CVEID: CVE-2017-10356 DESCRIPTION: An unspecified vulnerability in Oracle Java SE relate...
Security Bulletin: zlib vulnerability may affect IBM® SDK, Java™ Technology Edition
Summary zlib is vulnerable to a denial of service, caused by an out-of-bounds pointer arithmetic in inftrees.c. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details CVE IDs: CVE-2016-984...
Security Bulletin: Vulnerability in IBM® WebSphere™ Application Server Liberty affects IBM SPSS Analytic Server (CVE-2016-0378)
Summary IBM® WebSphere™ Application Server Liberty could allow a remote attacker to obtain sensitive information caused by improper handling of exceptions when a default error page does not exist. Vulnerability Details CVEID: CVE-2016-0378 DESCRIPTION: IBM WebSphere Application Server Liberty cou...
Security Bulletin: Vulnerability in the IBM WebSphere Application Server that is bundled with IBM SPSS Analytic Server (CVE-2016-5983)
Summary The IBM® WebSphere™ Application Server is shipped with IBM SPSS Analytic Server. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin listed in the...
Security Bulletin: An unspecified JMX component vulnerability affects IBM SPSS Analytic Server (CVE-2016-3427)
Summary The IBM® Runtime Environment Java™ Technology Edition, Version 1.7, that is used by IBM SPSS Analytic Server, contains an unspecified vulnerability related to the JMX component. The vulnerability allows remote attackers to affect confidentiality, integrity, and availability via vectors...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SPSS Analytic Server (CVE-2015-4872, CVE-2015-4734 , CVE-2015-5006, CVE-2015-7575)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 1.6 and 1.7 that is used by IBM SPSS Analytic Server. These issues were disclosed as part of the IBM Java SDK updates in October 2015 and includes the vulnerability commonly referred to as...
Security Bulletin: Multiple vulnerabilities in bundled components affects IBM SPSS Analytic Server (CVE-2015-7450).
Summary An Apache Commons Collections vulnerability in handling Java object deserialization was addressed by IBM SPSS Analytic Server. An updated IBM WebSphere Liberty run time is shipped to address a security vulnerability in IBM SPSS Analytic Server. Vulnerability Details CVEID: CVE-2015-7450...
Security Bulletin: DH key exchange protocol vulnerability (“Logjam”) in IBM Java SDK affects IBM SPSS Analytic Server (CVE-2015-4000)
Summary Vulnerabilities in SSL/TLS protocol during key exchange phase using Diffie-Hellman DH ciphersuite, “Logjam” attack, affects IBM Java SDK 1.6, 1.7 that is used by IBM SPSS Analytic Server. Vulnerability Details CVEID: CVE-2015-4000 DESCRIPTION: The TLS protocol could allow a remote attacke...
Security Bulletin: Password displayed in plaintext in logs (CVE-2014-0920)
Summary IBM SPSS Analytic Server jobs produce logs that contain a password in plaintext which authenticated users can view. Vulnerability Details CVEID: CVE-2014-0920 DESCRIPTION: IBM SPSS Analytic Server jobs produce logs that contain a password in plaintext which authenticated users can view...
Security Bulletin: Vulnerabilities in IBM SDK Java Technology Edition, Versions 1.6 and 1.7, affect IBM SPSS Analytic Server (CVE-2015-0138)
Summary The “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability affects IBM® SDK Java™ Technology Edition, Version 1.6 and 1.7, that is used by IBM SPSS Analytic Server. Vulnerability Details CVEID: CVE-2015-0138 DESCRIPTION : A vulnerability in various IBM SSL/TL...
Security Bulletin: Vulnerability in SSLv3 affects IBM SPSS Analytic Server (CVE-2014-3566)
Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM SPSS Analytic Server. Vulnerability Details CVE-ID : CVE-2014-3566 DESCRIPTION : Product could allow a remote attacker to obtain sensitive...
Security Bulletin: A security vulnerability has been identified in multiple products shipped with IBM Predictive Maintenance and Quality: CVE-2015-8126, CVE-2016-0494, CVE-2016-0483, CVE-2015-8472, CVE-2016-0475, CVE-2016-0466, CVE-2016-0402, CVE-2015-757
Summary IBM WebSphere Application Server, IBM DB2, IBM SPSS Modeler, IBM Cognos Business Intelligence Server, IBM SPSS Collaboration and Deployment Services,IBM Integration Bus, IBM ILOG CPLEX Optimization Studio, IBM SPSS Analytic Server and IBM SPSS Modeler are shipped as components of IBM...
IBM Cognos tm1admsd.exe Overflow Vulnerability
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
IBM SPSS Analytic Server信任管理漏洞
CVE ID:CVE-2014-0920 IBM SPSS Analytic Server是美国IBM公司的一套用于大数据预测性分析的IBM引擎,它可在大数据中产生预测和建议,从而实现各种大量数据的最优性能。 IBM SPSS Analytic Server存在安全漏洞,该由于程序以明文方式记录密码,远程攻击者可利用该漏洞获取敏感信息。 0 IBM SPSS Analytic Server 1.0.0.0 IBM SPSS Analytic Server 1.0.1.0 目前厂商已经发布了升级补丁以修复漏洞,请下载使用:...
CVE-2014-0920
IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors...