CVE-2015-7489 - OpenCVE

IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses weak permissions (Everyone: Write) for Python scripts, which allows local users to gain privileges by modifying a script.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Ibm	Spss Statistics

Configuration 1 [-]

OR	cpe:2.3:a:ibm:spss_statistics:22.0.0.2:::::::*
	cpe:2.3:a:ibm:spss_statistics:23.0.0.2:::::::*

References

Link	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21973502	Vendor Advisory
http://www.securitytracker.com/id/1034546

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: ibm

Published: 2016-01-01T00:00:00

Updated: 2016-12-05T14:57:01

Reserved: 2015-09-29T00:00:00

Link: CVE-2015-7489

JSON object: View

NVD Information

Status : Modified

Published: 2016-01-01T00:59:01.057

Modified: 2016-12-07T18:24:04.463

Link: CVE-2015-7489

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spss_statistics:22.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0784DE5C-2DC4-4E45-9D7C-BCC61F5E9150", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:spss_statistics:23.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E1DAFBE4-F024-4786-A0A5-4931E5BAE8FF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses weak permissions (Everyone: Write) for Python scripts, which allows local users to gain privileges by modifying a script."}, {"lang": "es", "value": "IBM SPSS Statistics 22.0.0.2 en versiones anteriores a IF10 y 23.0.0.2 en versiones anteriores a IF7 utiliza permisos d\u00e9biles (Todos: Escribir) para secuencias de comandos Python, lo que permite a usuarios locales obtener privilegios modificando una secuencia de comandos."}], "id": "CVE-2015-7489", "lastModified": "2016-12-07T18:24:04.463", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-01-01T00:59:01.057", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973502"}, {"source": "psirt@us.ibm.com", "url": "http://www.securitytracker.com/id/1034546"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}