Vulnerability Details : CVE-2013-6724
Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 IF1 allows remote attackers to execute arbitrary code via a crafted ComboList property value.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2013-6724
Probability of exploitation activity in the next 30 days: 6.93%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-6724
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
References for CVE-2013-6724
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/89279
IBM SPSS SamplePower ActiveX control code execution CVE-2013-6724 Vulnerability Report
-
http://www-01.ibm.com/support/docview.wss?uid=swg21663250
IBM Security Bulletin: IBM SPSS SamplePower vsflex8l ActiveX Control ComboList Property Remote Code Execution Vulnerability (CVE-2013-6724)Vendor Advisory
Products affected by CVE-2013-6724
- cpe:2.3:a:ibm:spss_samplepower:3.0.1.0:*:*:*:*:*:*:*