Harmful code may be executed because of privilege escalation coverage gap in IBM SPSS Statistics.
CVEID: CVE-2015-7489
DESCRIPTION: IBM SPSS Statistics uses Python scripts that grant write permission to Everyone. A local user can add malicious OS commands to the Python code. These commands are later executed when another user (for example, an administrator) opens SPSS and uses that module.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108785 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
IBM SPSS Statistics 22.0.0.2
IBM SPSS Statistics 23.0.0.2
| Product | VRMF | Remediation |
|---|---|---|
| IBM SPSS Statistics | 22.0.0.2 | Install interim fix 22.0.0.2-10: 22.0-IM-S22STAT-AIX-FP002-IF010, 22.0-IM-S22STAT-Solaris-FP002-IF010, 22.0-IM-S22STAT-MAC-FP002-IF010, 22.0-IM-S22STAT-Linux8664-FP002-IF010, 22.0-IM-S22STAT-zLinux-FP002-IF010 |
| IBM SPSS Statistics | 23.0.0.2 | Install interim fix 23.0.0.2-7: 23.0-IM-S23STAT-AIX-FP002-IF007, 23.0-IM-S23STAT-WIN-FP002-IF007, 23.0-IM-S23STAT-Solaris-FP002-IF007, 23.0-IM-S23STAT-Linux8664-FP002-IF007, 23.0-IM-S23STAT-MAC-FP002-IF007, 23.0-IM-S23STAT-zLinux-FP002-IF007 |
None
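
An added example, not part of IBM's bulletin: a Python audit for the condition in the description, listing Python files that any local user can modify and world-writable directories that contain Python files. It reads POSIX mode bits only (so it does not evaluate Windows ACLs), and the installation directory is an assumption supplied by the operator on the command line.

```python
import os
import stat
import sys

PY_SUFFIXES = (".py", ".pyc", ".pyo")


def find_world_writable(root):
    """Return sorted (path, kind) pairs for world-writable Python files and
    for world-writable directories holding Python files under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):  # symlinked dirs are not followed
        py_files = [f for f in filenames if f.endswith(PY_SUFFIXES)]
        if not py_files:
            continue
        # A world-writable directory lets any local user add a script next to
        # the existing ones (and replace them when the sticky bit is not set).
        if os.lstat(dirpath).st_mode & stat.S_IWOTH:
            findings.append((dirpath, "directory"))
        for name in py_files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits say nothing about its target
            if mode & stat.S_IWOTH:
                findings.append((path, "file"))
    return sorted(findings)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit_py_perms.py <install-directory>")
    results = find_world_writable(sys.argv[1])
    for path, kind in results:
        print(f"world-writable {kind}: {path}")
    # Non-zero exit status lets a scheduled job or CI step flag the host.
    sys.exit(1 if results else 0)
```

Run it before and after installing the interim fix; an empty result after patching confirms no world-writable Python code remains under that directory.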