5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 1.6 and 1.7 that are used by IBM SPSS Statistics. These issues were disclosed as part of the IBM Java SDK updates in July 2015.
CVEID: CVE-2015-2613**
DESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104734 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
**
CVEID:** CVE-2015-2601**
DESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104733 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
**
CVEID:** CVE-2015-2625**
DESCRIPTION:** An unspecified vulnerability related to the JSSE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 2.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104743 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)
**
CVEID:** CVE-2015-1931**
DESCRIPTION:** IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system.
CVSS Base Score: 2.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102967 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)
IBM SPSS Statistics 19.0.0.2
IBM SPSS Statistics 20.0.0.2
IBM SPSS Statistics 21.0.0.2
IBM SPSS Statistics 22.0.0.2
IBM SPSS Statistics 23.0.0.0
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM SPSS Statistics| 19.0.0.2| PI48627| Install Statistics 19 FP002-IF004
IBM SPSS Statistics| 20.0.0.2| PI48627| Install Statistics 20 FP002 IF006
IBM SPSS Statistics| 21.0.0.2| PI48627| Install Statistics 21 FP002 IF008
IBM SPSS Statistics| 22.0.0.2| PI48627| Install Statistics 22 FP002 IF006
IBM SPSS Statistics| 23.0.0.0| PI48627| Install Statistics 23 FP002
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spss statistics | eq | 19.0 | |
ibm spss statistics | eq | 20.0 | |
ibm spss statistics | eq | 21.0 | |
ibm spss statistics | eq | 22.0 | |
ibm spss statistics | eq | 23.0 |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N