CVE-2013-4069

IBM SPSS Collaboration and Deployment Services 4.2.1-5.0 - XML External Entity Injection in Portal Application

Title source: llm
STIX 2.1

Description

The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21660191
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM95817
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/86621

Scores

EPSS 0.0146
EPSS Percentile 70.4%

Details

CWE
CWE-200
Status published
Products (7)
ibm/spss_collaboration_and_deployment_services 4.2.1
ibm/spss_collaboration_and_deployment_services 4.2.1.1
ibm/spss_collaboration_and_deployment_services 4.2.1.2
ibm/spss_collaboration_and_deployment_services 4.2.1.3
ibm/spss_collaboration_and_deployment_services 5.0.0
ibm/spss_collaboration_and_deployment_services 5.0.0.1
ibm/spss_collaboration_and_deployment_services 5.0.0.2
Published Dec 21, 2013
Tracked Since Feb 18, 2026