2 matches found
Security Bulletin: Privilege escalation coverage gap in IBM SPSS Statistics (CVE-2015-7489)
Summary Harmful code may be executed because of privilege escalation coverage gap in IBM SPSS Statistics. Vulnerability Details CVEID: CVE-2015-7489 DESCRIPTION: IBM SPSS Statistics uses python scripts that have write permissions to Everyone. A local user can add malicious OS commands to the pyth...
CVE-2015-7489
CVE-2015-7489 affects IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7. The root cause is that Python scripts are written with permissive, globally writable permissions (Everyone: Write), enabling a local user to modify a script and potentially execute privileged actions. The IBM ...