CVE-2012-5769

IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:P
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
ibmspss_modeler
14.0.0.0
ibmspss_modeler
14.0.0.1
ibmspss_modeler
14.0.0.2
ibmspss_modeler
14.1.0.0
ibmspss_modeler
14.1.0.1
ibmspss_modeler
14.1.0.2
ibmspss_modeler
14.2.0.0
ibmspss_modeler
14.2.0.1
ibmspss_modeler
14.2.0.2
ibmspss_modeler
14.2.0.3
ibmspss_modeler
15.0.0.0
ibmspss_modeler
15.0.0.1
𝑥
= Vulnerable software versions
References
http://www-01.ibm.com/support/docview.wss?uid=swg1PM79454
http://www-01.ibm.com/support/docview.wss?uid=swg21620758
http://www-01.ibm.com/support/docview.wss?uid=swg24034122
https://exchange.xforce.ibmcloud.com/vulnerabilities/80316
http://www-01.ibm.com/support/docview.wss?uid=swg1PM79454
http://www-01.ibm.com/support/docview.wss?uid=swg21620758
http://www-01.ibm.com/support/docview.wss?uid=swg24034122
https://exchange.xforce.ibmcloud.com/vulnerabilities/80316