Security Bulletin: IBM SPSS Modeler Premium - Text Analytics SSL Spoofing (CVE-2012-5785)
IBM PSIRT 270004PFE3 email@example.com | | Tags:  psirtmedium psirtba
0 Comments | 1,016 Visits
When using the Text Analytics Server from the IBM SPSS Modeler Premium product with the SSL option enabled (default is disabled), then an SSL connection can be established without verifying the hostname of the target connection against the name on the SSL certificate. This could make the connection vulnerable to a man-in-the-middle attack.
Affected product(s) & Affected version(s): Versions 14.2 through 15.0 of IBM SPSS Modeler Premium - Text Analytics running on all supported platforms are affected.
Refer to the following reference URLs for remediation and additional vulnerability details.