Lucene search

IbmVULNRICHMENT:CVE-2022-43855

HistoryMar 08, 2024 - 5:52 p.m.

CVE-2022-43855 IBM SPSS Statistics denial of service

2024-03-0817:52:57

CWE-399

ibm

github.com

ibm spss statistics

denial of service

vulnerability

file handles

local user

ibm x-force id 230235

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

IBM SPSS Statistics 26.0, 27.0.1, and 28.0 could allow a local user to create multiple files that could exhaust the file handles capacity and cause a denial of service. IBM X-Force ID: 230235.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SPSS Statistics",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "26.0, 27.0.1, 28.0"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/239235

www.ibm.com/support/pages/node/7130881

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2022-43855