SB20260528255 - Multiple vulnerabilities in IBM SPSS Modeler

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB20260528255

SB20260528255 - Multiple vulnerabilities in IBM SPSS Modeler

Published: May 28, 2026

Security Bulletin ID SB20260528255
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 vulnerabilities.


1) Improper validation of certificate with host mismatch (CVE-ID: CVE-2025-68161)

CWE-ID: CWE-297 - Improper Validation of Certificate with Host Mismatch

CVSSv4: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to the Socket Appender does not perform TLS hostname verification of the peer certificate, even when the "verifyHostName" configuration attribute or the "log4j2.sslVerifyHostName"  system property is set to true. A remote attacker can perform MitM attack and intercept or redirect the log traffic. 


2) Improper Encoding or Escaping of Output (CVE-ID: CVE-2026-34479)

CWE-ID: CWE-116 - Improper Encoding or Escaping of Output

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause downstream log processing systems to drop or fail to index affected records.

The vulnerability exists due to improper output neutralization in Log4j1XmlLayout when producing XML log output containing characters forbidden by the XML 1.0 standard. A remote attacker can cause such characters to be included in logged data to cause downstream log processing systems to drop or fail to index affected records.

The issue affects configurations using Log4j1XmlLayout directly in a Log4j Core 2 configuration file or through the Log4j 1 configuration compatibility layer with org.apache.log4j.xml.XMLLayout specified as the layout class.


3) Improper Certificate Validation (CVE-ID: CVE-2026-34477)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a man-in-the-middle attack.

The vulnerability exists due to improper certificate validation in the TLS hostname verification handling of the verifyHostName attribute in Log4j Core SSL configuration when establishing TLS connections for SMTP, Socket, or Syslog appenders. A remote attacker can present a certificate issued by a trusted certificate authority to perform a man-in-the-middle attack.

The issue occurs only when TLS is configured via a nested SSL configuration element, and it does not affect the HTTP appender.


4) Improper Encoding or Escaping of Output (CVE-ID: CVE-2026-34480)

CWE-ID: CWE-116 - Improper Encoding or Escaping of Output

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause log event loss.

The vulnerability exists due to improper output neutralization in XmlLayout when processing log messages or MDC values containing XML 1.0 forbidden characters. A remote attacker can supply crafted input containing forbidden characters to cause log event loss.

The impact depends on the StAX implementation in use: built-in JRE StAX may produce malformed XML that downstream parsers reject, while alternative implementations may throw an exception during the logging call so the event is delivered only to Log4j's internal status logger.


Remediation

Install update from vendor's website.

References