Vulnerability Management

IBM patches vulnerability in SPSS Statistics software

An IBM SPSS Statistics scripts permissions error can allow local users to gain elevated privileges, the company is reporting.

IBM's bulletin reported the vulnerability (CVE-2015-7489) on December 29. The report said the issue impacts IBM SPSS Statistics versions 22.0.0.2 and 23.0.0.2, which use a python scripts that have write permissions to Everyone. This would allow a local user to add malicious OS commands to the python code.

“These command will later be executed in case another user (for example an administrator) opens SPSS and uses that module,” IBM said in the bulletin.

IBM has issued interim fixes, 22.0.0.2-10 and 23.0.0.2-7 23.0.0.2-7, for both versions of the affected software.

IBM SPSS Statistics is a family of analytical products to include planning, data collection and analysis.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.