Security Bulletin: Vulnerability in IBM SPSS Data Collection due to issues in Eclipse Help System (CVE-2013-0464, CVE-2013-0467)

Abstract The version of IBM Eclipse Help System that is shipped with IBM SPSS Data Collection versions 6.0, 6.0.1 "Data Collection" and 7.0 has multiple security vulnerabilities. These vulnerabilities allow attackers to perform cross-site scripting and source code disclosure attacks. Content...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in IBM Eclipse Help System IEHS 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2013-0464

Multiple cross-site scripting XSS vulnerabilities in IBM Eclipse Help System IEHS 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2013-0464

Multiple cross-site scripting XSS vulnerabilities in IBM Eclipse Help System IEHS 3.4.3 and 3.6.2, as used in IBM SPSS Data Collection 6.0, 6.0.1, and 7.0, allow remote attackers to inject arbitrary web script or HTML via a crafted URL...

IBM SPSS Data Collection CVE-2013-0464跨站脚本漏洞

Bugtraq ID:60246 CVE ID:CVE-2013-0464 IBM SPSS Data Collection是全球业界领先的问卷调查、市场研究以及客户行为分析的专业解决方案。 IBM SPSS Data Collection存在一个输入验证漏洞，允许远程攻击者利用漏洞注入恶意脚本或HTML代码，当恶意数据被用户查看时可获取敏感信息或劫持用户会话。 0 IBM SPSS Data Collection 6.0.1 IBM SPSS Data Collection 6.0 IBM SPSS Data Collection 7.0 用户可参考如下厂商提供的安全公告获得补丁程序：...

Open redirect

Open redirect vulnerability in IBM Eclipse Help System IEHS, as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified...

CVE-2012-2161

CVE-2012-2161 is a cross-site scripting vulnerability in the IBM Eclipse Help System (IEHS) used by multiple IBM products (e.g., InfoSphere Discovery, DB2 Information Center, Sales Center for WebSphere Commerce, IMS Explorer for Development). The flaw resides in IEHS (deferredView.jsp and related...

Design/Logic Flaw

Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document...

CVE-2012-0190

CVE-2012-0190 concerns an RCE in the IBM SPSS ExportHTML.dll ActiveX control (Render method) used by IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, 6.0.1. The flaw exists in the Render() method of the ExportHTML.ocx/ExportHTML.dll; a crafted HTML document can cause arbitrary file crea...