Vulnerabilities > CVE-2014-0920 - Credentials Management vulnerability in IBM Spss Analytic Server 1.0.0.0/1.0.1.0

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
ibm
CWE-255

Summary

IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

Vulnerable Configurations

Part Description Count
Application
Ibm
2

Common Weakness Enumeration (CWE)

Seebug

bulletinFamilyexploit
descriptionCVE ID:CVE-2014-0920 IBM SPSS Analytic Server是美国IBM公司的一套用于大数据预测性分析的IBM引擎,它可在大数据中产生预测和建议,从而实现各种大量数据的最优性能。 IBM SPSS Analytic Server存在安全漏洞,该由于程序以明文方式记录密码,远程攻击者可利用该漏洞获取敏感信息。 0 IBM SPSS Analytic Server 1.0.0.0 IBM SPSS Analytic Server 1.0.1.0 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: http://www-01.ibm.com/support/docview.wss?uid=swg21669506
idSSV:62167
last seen2017-11-19
modified2014-04-15
published2014-04-15
reporterRoot
titleIBM SPSS Analytic Server信任管理漏洞