Vulnerabilities > CVE-2013-4049 - Arbitrary File Upload vulnerability in IBM Spss Analytical Decision Management 6.1.0.0/6.2.0.0/7.0.0.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE network
ibm
Summary
Unrestricted file upload vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to execute arbitrary code by uploading and accessing a JSP file. Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type'
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |