Vulnerability Details : CVE-2015-4991
IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, and 17.1 through IF008 includes unspecified cleartext data in memory dumps, which allows local users to obtain sensitive information by reading a dump file.
Vulnerability category: Information leak
Products affected by CVE-2015-4991
- cpe:2.3:a:ibm:spss_modeler:14.2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spss_modeler:14.2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spss_modeler:14.2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spss_modeler:15.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spss_modeler:14.2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spss_modeler:15.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spss_modeler:16.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spss_modeler:16.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spss_modeler:16.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spss_modeler:15.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spss_modeler:17.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spss_modeler:17.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spss_modeler:15.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:spss_modeler:17.0.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4991
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-4991
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
4.0
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
2.5
|
1.4
|
NIST |
CWE ids for CVE-2015-4991
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4991
-
http://www-01.ibm.com/support/docview.wss?uid=swg21975663
IBM Security Bulletin: Memory dump from Modeler executables contains cleartext strings (CVE-2015-4991)Vendor Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg1PI46224
IBM PI46224: Security APAR CVE-2015-4991Vendor Advisory
Jump to