CVE-2013-4049

Unrestricted file upload vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to execute arbitrary code by uploading and accessing a JSP file.

CVSS v2.0 8.5 HIGH

8.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability : 6.8 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21648929	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/86442

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:spss_analytical_decision_management:6.1.0.0:::::::*
	cpe:2.3:a:ibm:spss_analytical_decision_management:6.2.0.0:::::::*
	cpe:2.3:a:ibm:spss_analytical_decision_management:7.0.0.0:::::::*

History

No history.

Information

Published : 2013-09-16 18:24

Updated : 2024-02-04 18:16

NVD link : CVE-2013-4049

Mitre link : CVE-2013-4049

CVE.ORG link : CVE-2013-4049

JSON object : View

Products Affected

ibm

spss_analytical_decision_management

CWE

NVD-CWE-Other

{"id": "CVE-2013-4049", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-09-16T18:24:48.793", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648929", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86442", "source": "psirt@us.ibm.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to execute arbitrary code by uploading and accessing a JSP file."}, {"lang": "es", "value": "Vulnerabilidad de subida de archivo sin restricci\u00f3n en IBM SPSS Analytical Decision Management 6.1 anterior a IF1, 6.2 anterior a IF1, y 7.0 anterior a FP1 IF6, permite a usuarios autenticados remotamente la ejecuci\u00f3n de c\u00f3digo a discrecci\u00f3n mediante la subida y el acceso a un archivo JSP."}], "lastModified": "2017-08-29T01:33:34.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spss_analytical_decision_management:6.1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E92A4CE-39AD-436A-9D46-B0AD2B08A11F"}, {"criteria": "cpe:2.3:a:ibm:spss_analytical_decision_management:6.2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6779E25F-B9D5-42E1-A3DB-73301CF7C6D2"}, {"criteria": "cpe:2.3:a:ibm:spss_analytical_decision_management:7.0.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88CE7A2F-E16E-4EB9-B314-86E26BDB5EBA"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/434.html\n\n'CWE-434: Unrestricted Upload of File with Dangerous Type'", "sourceIdentifier": "psirt@us.ibm.com"}