Security Bulletin: Privilege escalation coverage gap in IBM SPSS Statistics (CVE-2015-7489)

2020-04-16 07:59:29
www.ibm.com

EPSS: 0.001 (Percentile: 29.4%)

Summary

Harmful code may be executed because of a privilege escalation coverage gap in IBM SPSS Statistics.

Vulnerability Details

CVEID: CVE-2015-7489
DESCRIPTION: IBM SPSS Statistics uses Python scripts whose permissions grant write access to Everyone. A local user can add malicious OS commands to the Python code. These commands are later executed when another user (for example, an administrator) opens SPSS and uses that module.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/108785 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
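
The condition described above can be audited on the POSIX platforms with a check like the following. This is an added example, not code from IBM or from the original bulletin; the function name and script name are hypothetical, the install directory is passed in by the operator because the bulletin names no path, and only POSIX mode bits are inspected (Windows ACLs granting Everyone write access are not covered).

```python
import os
import stat
import sys


def find_world_writable_scripts(root):
    """Return sorted (path, reason) pairs for .py files under root that any
    local user could modify or replace (hypothetical helper, not IBM code)."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        dir_mode = os.lstat(dirpath).st_mode
        # A world-writable directory without the sticky bit lets any user
        # delete and recreate the scripts in it, whatever the file modes are.
        dir_open = bool(dir_mode & stat.S_IWOTH) and not (dir_mode & stat.S_ISVTX)
        for name in filenames:
            if not name.endswith(".py"):
                continue
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # symlink mode bits are not meaningful permissions
            if mode & stat.S_IWOTH:
                findings.append((path, "file is world-writable"))
            elif dir_open:
                findings.append((path, "parent directory is world-writable"))
    return sorted(findings)


if __name__ == "__main__":
    # The install directory is supplied by the operator; no path is assumed.
    if len(sys.argv) != 2:
        sys.exit("usage: audit_scripts.py <install-dir>")
    results = find_world_writable_scripts(sys.argv[1])
    for path, reason in results:
        print(f"{reason}: {path}")
    sys.exit(1 if results else 0)
```

A non-zero exit status means at least one script can still be altered by an unprivileged local account; rerunning the check after the interim fix is installed shows whether the permissions were tightened.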

Affected Products and Versions

IBM SPSS Statistics 22.0.0.2

IBM SPSS Statistics 23.0.0.2

Remediation/Fixes

Product | VRMF | Remediation
---|---|---
IBM SPSS Statistics | 22.0.0.2 | Install interim fix 22.0.0.2-10: 22.0-IM-S22STAT-AIX-FP002-IF010, 22.0-IM-S22STAT-Solaris-FP002-IF010, 22.0-IM-S22STAT-MAC-FP002-IF010, 22.0-IM-S22STAT-Linux8664-FP002-IF010, 22.0-IM-S22STAT-zLinux-FP002-IF010
IBM SPSS Statistics | 23.0.0.2 | Install interim fix 23.0.0.2-7: 23.0-IM-S23STAT-AIX-FP002-IF007, 23.0-IM-S23STAT-WIN-FP002-IF007, 23.0-IM-S23STAT-Solaris-FP002-IF007, 23.0-IM-S23STAT-Linux8664-FP002-IF007, 23.0-IM-S23STAT-MAC-FP002-IF007, 23.0-IM-S23STAT-zLinux-FP002-IF007

Workarounds and Mitigations

None
