CVE-2022-43855 - Vulnerability Details - OpenCVE

IBM SPSS Statistics 26.0, 27.0.1, and 28.0 IO Module could allow a local user to create multiple files that could exhaust the file handles capacity and cause a denial of service.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Ibm	Spss Statistics

Configuration 1 [-]

OR	cpe:2.3:a:ibm:spss_statistics:26.0.0.0:::::::*
	cpe:2.3:a:ibm:spss_statistics:27.0.1.0:::::::*
	cpe:2.3:a:ibm:spss_statistics:28.0.0.0:::::::*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/239235
https://www.ibm.com/support/pages/node/7130881

History

Tue, 10 Jun 2025 20:15:00 +0000

Type	Values Removed	Values Added
Description	IBM SPSS Statistics 26.0, 27.0.1, and 28.0 could allow a local user to create multiple files that could exhaust the file handles capacity and cause a denial of service. IBM X-Force ID: 230235.	IBM SPSS Statistics 26.0, 27.0.1, and 28.0 IO Module could allow a local user to create multiple files that could exhaust the file handles capacity and cause a denial of service.

Tue, 07 Jan 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ibm Ibm spss Statistics
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:ibm:spss_statistics:26.0.0.0:::::::* cpe:2.3:a:ibm:spss_statistics:27.0.1.0:::::::* cpe:2.3:a:ibm:spss_statistics:28.0.0.0:::::::*
Vendors & Products		Ibm Ibm spss Statistics

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-03-08T17:52:57.326Z

Updated: 2025-06-10T20:08:23.966Z

Reserved: 2022-10-26T15:46:22.823Z

Link: CVE-2022-43855

Vulnrichment

Updated: 2024-08-03T13:40:06.581Z

NVD

Status : Modified

Published: 2024-03-08T18:15:48.283

Modified: 2025-06-10T20:15:21.210

Link: CVE-2022-43855

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-43855", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2022-10-26T15:46:22.823Z", "datePublished": "2024-03-08T17:52:57.326Z", "dateUpdated": "2025-06-10T20:08:23.966Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:spss_statistics:26.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:spss_statistics:27.0.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:spss_statistics:28.0.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "SPSS Statistics", "vendor": "IBM", "versions": [{"status": "affected", "version": "26.0, 27.0.1, 28.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM SPSS Statistics 26.0, 27.0.1, and 28.0 IO Module could allow a local user to create multiple files that could exhaust the file handles capacity and cause a denial of service. "}], "value": "IBM SPSS Statistics 26.0, 27.0.1, and 28.0 IO Module could allow a local user to create multiple files that could exhaust the file handles capacity and cause a denial of service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-399", "description": "CWE-399 Resource Management Errors", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-06-10T20:08:23.966Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7130881"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM SPSS Statistics denial of service", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-43855", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-11T14:09:22.860645Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:16:19.933Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:40:06.581Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/7130881"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239235"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/7130881", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239235", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:40:06.581Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-43855", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-11T14:09:22.860645Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:16.680Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "IBM SPSS Statistics denial of service", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:ibm:spss_statistics:26.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:spss_statistics:27.0.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:spss_statistics:28.0.0.0:*:*:*:*:*:*:*"], "vendor": "IBM", "product": "SPSS Statistics", "versions": [{"status": "affected", "version": "26.0, 27.0.1, 28.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7130881", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "IBM SPSS Statistics 26.0, 27.0.1, and 28.0 IO Module could allow a local user to create multiple files that could exhaust the file handles capacity and cause a denial of service.", "supportingMedia": [{"type": "text/html", "value": "IBM SPSS Statistics 26.0, 27.0.1, and 28.0 IO Module could allow a local user to create multiple files that could exhaust the file handles capacity and cause a denial of service. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-399", "description": "CWE-399 Resource Management Errors"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-06-10T20:08:23.966Z"}}}, "cveMetadata": {"cveId": "CVE-2022-43855", "state": "PUBLISHED", "dateUpdated": "2025-06-10T20:08:23.966Z", "dateReserved": "2022-10-26T15:46:22.823Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2024-03-08T17:52:57.326Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:spss_statistics:26.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "241189CD-33AF-406E-BF50-C0E56830FDAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:spss_statistics:27.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C015B1C6-9458-4229-B49A-F87113AD53E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:spss_statistics:28.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B7D7D53-FFFC-42DE-8A7F-7421FC3D426D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM SPSS Statistics 26.0, 27.0.1, and 28.0 IO Module could allow a local user to create multiple files that could exhaust the file handles capacity and cause a denial of service."}, {"lang": "es", "value": "IBM SPSS Statistics 26.0, 27.0.1 y 28.0 podr\u00eda permitir que un usuario local cree varios archivos que podr\u00edan agotar la capacidad de manejo de archivos y provocar una denegaci\u00f3n de servicio. ID de IBM X-Force: 230235."}], "id": "CVE-2022-43855", "lastModified": "2025-06-10T20:15:21.210", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-08T18:15:48.283", "references": [{"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7130881"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239235"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7130881"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "psirt@us.ibm.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}