CVE-2013-4043

The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP request.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg1PI07828
http://www-01.ibm.com/support/docview.wss?uid=swg21661169	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/86419

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:4.1.1.1:::::::*
	cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:4.1.1.2:::::::*
	cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:4.1.1.3:::::::*
	cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:4.2.1:::::::*
	cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:4.2.1.1:::::::*
	cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:4.2.1.2:::::::*
	cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:4.2.1.3:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:5.0.0:::::::*
	cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:5.0.0.1:::::::*
	cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:5.0.0.2:::::::*
	cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:5.0.1:::::::*
	cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:5.0.2:::::::*

Configuration 3 (hide)

cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:6.0.0.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-02-01 15:55

Updated : 2023-12-10 11:31

NVD link : CVE-2013-4043

Mitre link : CVE-2013-4043

CVE.ORG link : CVE-2013-4043

JSON object : View

Products Affected

ibm

spss_collaboration_and_deployment_services

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2013-4043", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-02-01T15:55:04.010", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07828", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21661169", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86419", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The server in IBM SPSS Collaboration and Deployment Services 4.x before 4.2.1.3 IF3, 5.x before 5.0 FP3, and 6.x before 6.0 IF1 allows remote attackers to read arbitrary files via an unspecified HTTP request."}, {"lang": "es", "value": "El servidor en IBM SPSS Collaboration and Deployment Services 4.x anterior a 4.2.1.3 IF3, 5.x anterior a 5.0 FP3, y 6.x anterior a 6.0 IF1 permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de una solicitud HTTP no especificada."}], "lastModified": "2017-08-29T01:33:33.903", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:4.1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEB7AA4C-336F-42E8-BDCC-AC4FEDA1C5C7"}, {"criteria": "cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:4.1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E476E51-DD32-4AD3-A806-5956CAB99F6A"}, {"criteria": "cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:4.1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B47835F-B8E7-4825-AF9B-A21D27E6C93E"}, {"criteria": "cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92B33DCA-ADCC-4521-9B8D-4A407FB9608E"}, {"criteria": "cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:4.2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAA2C39D-902A-442F-AA6B-62BC8C380436"}, {"criteria": "cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:4.2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D801CF8-F6A0-4E40-8011-AE8D5A2F5C0B"}, {"criteria": "cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:4.2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFB0A724-CAC6-45E1-85D6-592BE4660695"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FA0641C-E2DB-4FDA-BD5F-51C7195D5389"}, {"criteria": "cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:5.0.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F050F5EC-1334-45FC-911D-75FB5B9C7244"}, {"criteria": "cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:5.0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CD574C3-DA32-4CD6-95DB-39F0CE663D6E"}, {"criteria": "cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0E988D9-C880-4B6E-93EE-89A2C77B7025"}, {"criteria": "cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E375B6F2-8F90-40CF-9D52-F026F9BEACED"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spss_collaboration_and_deployment_services:6.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "260931E5-1F25-4F0A-8E7A-03F1D670A353"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}