CVE-2012-5769

high

Description

IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/80316

http://www-01.ibm.com/support/docview.wss?uid=swg24034122

http://www-01.ibm.com/support/docview.wss?uid=swg21620758

http://www-01.ibm.com/support/docview.wss?uid=swg1PM79454

Details

Source: Mitre, NVD

Published: 2013-01-01

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.00616