Ido Hoorvitch

**Name of the Vulnerable Software and Affected Versions** IBM SPSS Statistics for Windows versions 24.0 through 28.0 **Description** The issue allows a local user to cause a denial of service by writing arbitrary files to admin protected directories on the system. **Recommendations** For versions 24.0 through 28.0, consider restricting write access to admin protected directories to prevent arbitrary file writing until a patch is available.

**Name of the Vulnerable Software and Affected Versions** IBM SPSS Modeler Subscription Installer (affected versions not specified) **Description** A vulnerability exists in the IBM SPSS Modeler Subscription Installer, allowing a user with create symbolic link permission to write arbitrary files in another protected path during product installation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.