Vulnerabilities > CVE-2014-0920 - Credentials Management vulnerability in IBM Spss Analytic Server 1.0.0.0/1.0.1.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
Seebug
| bulletinFamily | exploit |
| description | CVE ID:CVE-2014-0920 IBM SPSS Analytic Server是美国IBM公司的一套用于大数据预测性分析的IBM引擎,它可在大数据中产生预测和建议,从而实现各种大量数据的最优性能。 IBM SPSS Analytic Server存在安全漏洞,该由于程序以明文方式记录密码,远程攻击者可利用该漏洞获取敏感信息。 0 IBM SPSS Analytic Server 1.0.0.0 IBM SPSS Analytic Server 1.0.1.0 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: http://www-01.ibm.com/support/docview.wss?uid=swg21669506 |
| id | SSV:62167 |
| last seen | 2017-11-19 |
| modified | 2014-04-15 |
| published | 2014-04-15 |
| reporter | Root |
| title | IBM SPSS Analytic Server信任管理漏洞 |
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI13527
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI13527
- http://www-01.ibm.com/support/docview.wss?uid=swg21669506
- http://www-01.ibm.com/support/docview.wss?uid=swg21669506
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92073
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92073