CVE-2013-6739
Description
IBM SPSS Modeler before version 16 on UNIX allows remote authenticated users to bypass access restrictions by using an SSO token.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM SPSS Modeler before version 16 on UNIX allows remote authenticated users to bypass access restrictions by using an SSO token.
Vulnerability
IBM SPSS Modeler versions 14 through 15.0 on UNIX platforms incorrectly accept Single Sign-On (SSO) tokens, even though SSO is only intended for Windows [1]. This allows a remote authenticated user to bypass intended access restrictions. Affected versions are prior to version 16.
Exploitation
An attacker needs valid authentication credentials to the SPSS Modeler server. They can then present an SSO token to connect and run a session, bypassing access controls that should be enforced on UNIX [1].
Impact
Successful exploitation allows the attacker to gain unauthorized access to the server and run sessions, leading to partial confidentiality and integrity impact (CVSS 5.5) [1]. The attacker can potentially view or modify data they should not have access to.
Mitigation
The fix is to upgrade to IBM SPSS Modeler version 16 or later [1]. No workaround is mentioned. The vulnerability is not listed on CISA KEV.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <16
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2- www-01.ibm.com/support/docview.wssmitrex_refsource_CONFIRM
- exchange.xforce.ibmcloud.com/vulnerabilities/89855mitrevdb-entryx_refsource_XF
News mentions
0No linked articles in our index yet.