Lucene search

K
vulnrichmentIbmVULNRICHMENT:CVE-2022-43855
HistoryMar 08, 2024 - 5:52 p.m.

CVE-2022-43855 IBM SPSS Statistics denial of service

2024-03-0817:52:57
CWE-399
ibm
github.com
11
ibm spss statistics
denial of service
vulnerability
file handles
local user
ibm x-force id 230235

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

EPSS

0

Percentile

9.0%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

IBM SPSS Statistics 26.0, 27.0.1, and 28.0 could allow a local user to create multiple files that could exhaust the file handles capacity and cause a denial of service. IBM X-Force ID: 230235.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SPSS Statistics",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "26.0, 27.0.1, 28.0"
      }
    ]
  }
]

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.2

Confidence

High

EPSS

0

Percentile

9.0%

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

Related for VULNRICHMENT:CVE-2022-43855