Information disclosure in IBM SPSS Modeler - CVE-2023-33842
Published: December 26, 2023
Vulnerability identifier: #VU84740
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-33842
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
IBM SPSS Modeler
IBM SPSS Modeler
Detailed vulnerability description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to IBM SPSS Modeler on Windows requires the end user to have access to the server SSL key. A local user can gain unauthorized access to sensitive information on the system.
How to mitigate CVE-2023-33842
Install updates from vendor's website.