Skip to main content

Spss Statistics

5 CVEs product

Monthly

CVE-2024-31896 MEDIUM This Month

IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Spss Statistics
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2021-38959 MEDIUM This Month

IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28.0 could allow a local user to cause a denial of service by writing arbitrary files to admin protected directories on the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Microsoft Memory Corruption Denial Of Service +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2015-8530 MEDIUM This Month

Stack-based buffer overflow in the Initialize function in an ActiveX control in IBM SPSS Statistics 19 and 20 before 20.0.0.2-IF0008, 21 before 21.0.0.2-IF0010, 22 before 22.0.0.2-IF0011, 23 before. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM RCE Buffer Overflow Spss Statistics
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2015-7489 HIGH This Week

IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses weak permissions (Everyone: Write) for Python scripts, which allows local users to gain privileges by modifying a script. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Python Privilege Escalation Spss Statistics
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2015-0140 MEDIUM PATCH This Month

An unspecified ActiveX control in IBM SPSS Statistics 22.0 through FP1 on 32-bit platforms allows remote attackers to execute arbitrary code via a crafted HTML document. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM RCE Spss Statistics
NVD
CVSS 2.0
6.8
EPSS
1.8%
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure IBM Spss Statistics
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28.0 could allow a local user to cause a denial of service by writing arbitrary files to admin protected directories on the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Microsoft +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Stack-based buffer overflow in the Initialize function in an ActiveX control in IBM SPSS Statistics 19 and 20 before 20.0.0.2-IF0008, 21 before 21.0.0.2-IF0010, 22 before 22.0.0.2-IF0011, 23 before. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses weak permissions (Everyone: Write) for Python scripts, which allows local users to gain privileges by modifying a script. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Python Privilege Escalation +1
NVD
EPSS 2% CVSS 6.8
MEDIUM PATCH This Month

An unspecified ActiveX control in IBM SPSS Statistics 22.0 through FP1 on 32-bit platforms allows remote attackers to execute arbitrary code via a crafted HTML document. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

IBM RCE Spss Statistics
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy