FKIE_CVE-2015-4991

Vulnerability from fkie_nvd - Published: 2016-02-15 02:59 - Updated: 2025-04-12 10:46
Severity ?
4.0 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, and 17.1 through IF008 includes unspecified cleartext data in memory dumps, which allows local users to obtain sensitive information by reading a dump file.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg1PI46224Vendor Advisory
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21975663Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1PI46224Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21975663Vendor Advisory
Impacted products
Vendor Product Version
ibm spss_modeler 14.2.0.0
ibm spss_modeler 14.2.0.1
ibm spss_modeler 14.2.0.2
ibm spss_modeler 14.2.0.3
ibm spss_modeler 15.0.0.0
ibm spss_modeler 15.0.0.1
ibm spss_modeler 15.0.0.2
ibm spss_modeler 15.0.0.3
ibm spss_modeler 16.0.0.0
ibm spss_modeler 16.0.0.1
ibm spss_modeler 16.0.0.2
ibm spss_modeler 17.0.0.0
ibm spss_modeler 17.0.0.1
ibm spss_modeler 17.1.0.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:spss_modeler:14.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33D6F60D-F679-4C85-B027-4323A981C339",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:spss_modeler:14.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "32783B77-DC8F-4B95-A65B-54F2F6E02ECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:spss_modeler:14.2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E272BC66-8533-4503-A227-0FE0FE904631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:spss_modeler:14.2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E1735E4-9732-4D01-B5E0-28A27BEE8415",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:spss_modeler:15.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A99F1ED-82D2-47C4-A898-76290B78561C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:spss_modeler:15.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9513A4EE-E322-4BC2-8AF5-81620EB2CAD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:spss_modeler:15.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "814C12D1-E08F-47E5-920C-D03033F77890",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:spss_modeler:15.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEF4989D-7D60-4EC5-B98C-E387CB45D40D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:spss_modeler:16.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51490AA5-F121-48EC-8D30-0EA4585001B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:spss_modeler:16.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C80AEAF9-B138-49E0-BE40-3AC940D04748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:spss_modeler:16.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8928F107-61AE-4826-BC2D-32EE6F2C385C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:spss_modeler:17.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "22C3E411-8990-4266-A2C0-CF8F14476D42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:spss_modeler:17.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A80EAA2-21CF-4573-AAB0-3E5852CC2A7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:spss_modeler:17.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD8AA792-DA0E-41D3-A69E-001083BF278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, and 17.1 through IF008 includes unspecified cleartext data in memory dumps, which allows local users to obtain sensitive information by reading a dump file."
    },
    {
      "lang": "es",
      "value": "IBM SPSS Modeler 14.2 hasta la versi\u00f3n FP3 IF027, 15 hasta la versi\u00f3n FP3 IF015, 16 hasta la versi\u00f3n FP2 IF012, 17 hasta la versi\u00f3n FP1 IF018 y 17.1 hasta la versi\u00f3n IF008 incluye datos en texto plano no especificados en volcados de memoria, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de un archivo volcado."
    }
  ],
  "id": "CVE-2015-4991",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-02-15T02:59:04.700",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI46224"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI46224"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975663"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.