CVE-2021-38959

MEDIUM

IBM SPSS Statistics 24.0-28.0 - Denial of Service via Arbitrary File Write

Title source: llm
STIX 2.1

Description

IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28.0 could allow a local user to cause a denial of service by writing arbitrary files to admin protected directories on the system. IBM X-Force ID: 212046.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6516680
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/212046

Scores

CVSS v3 5.5
EPSS 0.0004
EPSS Percentile 11.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-787
Status published
Products (6)
ibm/spss_statistics 24.0.0.0
ibm/spss_statistics 25.0.0.0
ibm/spss_statistics 26.0.0.0
ibm/spss_statistics 27.0.0.0
ibm/spss_statistics 27.0.1.0
ibm/spss_statistics 28.0.0.0
Published Nov 17, 2021
Tracked Since Feb 18, 2026