CVE-2013-4044

IBM SPSS Collaboration and Deployment Services 4.2.1-5.0 - Sensitive Information Exposure via Direct HTTP Request

Title source: llm
STIX 2.1

Description

IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote authenticated users to read application log files via a direct HTTP request.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21660191
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM95817
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/86420

Scores

EPSS 0.0108
EPSS Percentile 61.1%

Details

CWE
CWE-200
Status published
Products (7)
ibm/spss_collaboration_and_deployment_services 4.2.1
ibm/spss_collaboration_and_deployment_services 4.2.1.1
ibm/spss_collaboration_and_deployment_services 4.2.1.2
ibm/spss_collaboration_and_deployment_services 4.2.1.3
ibm/spss_collaboration_and_deployment_services 5.0.0
ibm/spss_collaboration_and_deployment_services 5.0.0.1
ibm/spss_collaboration_and_deployment_services 5.0.0.2
Published Dec 21, 2013
Tracked Since Feb 18, 2026