Lucene search

[email protected]NVD:CVE-2015-7489

HistoryJan 01, 2016 - 12:59 a.m.

CVE-2015-7489

2016-01-0100:59:01

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

29.4%

JSON

IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses weak permissions (Everyone: Write) for Python scripts, which allows local users to gain privileges by modifying a script.

Affected configurations

Nvd

Node

ibmspss_statisticsMatch22.0.0.2

ibmspss_statisticsMatch23.0.0.2

VendorProductVersionCPE
ibmspss_statistics22.0.0.2cpe:2.3:a:ibm:spss_statistics:22.0.0.2:*:*:*:*:*:*:*
ibmspss_statistics23.0.0.2cpe:2.3:a:ibm:spss_statistics:23.0.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	spss_statistics	22.0.0.2	cpe:2.3:a:ibm:spss_statistics:22.0.0.2:::::::*
ibm	spss_statistics	23.0.0.2	cpe:2.3:a:ibm:spss_statistics:23.0.0.2:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21973502

www.securitytracker.com/id/1034546

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

29.4%

JSON

Related for NVD:CVE-2015-7489

cvelist1 cve1 prion1 ibm1