Security Bulletin
Summary
Multiple vulnerabilities exist in IBM SPSS Collaboration and Deployment Services. See the individual descriptions for details.
Vulnerability Details
CVEID: CVE-2013-4044
DESCRIPTION:
An authenticated remote attacker can send an HTTP request to retrieve the content of the application log files. This affects all Collaboration and Deployment Services deployments.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/86420 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2013-4045
DESCRIPTION:
A cross-site scripting vulnerability was discovered in the Collaboration and Deployment Services Deployment Portal application, allowing remote script execution. This affects all Collaboration and Deployment Services deployments.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/86421 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID: CVE-2013-4046
DESCRIPTION:
An open-redirect vulnerability was discovered in Collaboration and Deployment Services, allowing the user's credentials to be stolen. This affects all Collaboration and Deployment Services deployments.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/86439 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID: CVE-2013-4069
DESCRIPTION:
A vulnerability was discovered in the Collaboration and Deployment Services Deployment Portal application, allowing references to external XML entities. This affects all Collaboration and Deployment Services deployments.
CVSS Base Score: 5.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/86621 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2013-4070
DESCRIPTION:
A vulnerability was discovered in the Collaboration and Deployment Services Deployment Portal application, allowing access to an internal password. This affects all Collaboration and Deployment Services deployments.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/86656 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Affected Products and Versions
Collaboration and Deployment Services, version 5.0 fix pack 2 and earlier.
Remediation/Fixes
| Product | VRMF | APAR | Remediation / First Fix |
|---|---|---|---|
| SPSS Collaboration and Deployment Services | 5.0.0.0 | PM95817 | SPSS Collaboration and Deployment Services 5.0 FP3 |
| SPSS Collaboration and Deployment Services | 4.2.1.0 | PM95817 | SPSS Collaboration and Deployment Services 4.2.1.3 Intermediate Fix 3 |
Workarounds and Mitigations
None
References
CVE-2013-4044
CVE-2013-4045
CVE-2013-4046
CVE-2013-4069
CVE-2013-4070
Change History
16 December, 2013 - Original Publication
19 December, 2013 - Corrected CVSS score and vector for CVE-2013-4069
*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Information
Modified date: 16 June 2018
UID: swg21660191