IBM patches vulnerability in SPSS Statistics software

News by Doug Olenick

IBM said a permissions error in its SPSS Statistics scripts could allow local users to gain elevated privileges, the company reported.

An IBM SPSS Statistics scripts permissions error can allow local users to gain elevated privileges, the company is reporting.

IBM's bulletin reported the vulnerability (CVE-2015-7489) on December 29. The report said the issue impacts IBM SPSS Statistics versions and, which use a python scripts that have write permissions to Everyone. This would allow a local user to add malicious OS commands to the python code.

“These command will later be executed in case another user (for example an administrator) opens SPSS and uses that module,” IBM said in the bulletin.

IBM has issued interim fixes, and, for both versions of the affected software.

IBM SPSS Statistics is a family of analytical products to include planning, data collection and analysis.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Webcasts and interviews 

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop