Critical Severity

Security Bulletin: Apache Log4j vulnerabilities, CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15), affect IBM SPSS Statistics Server

Share this post:

Vulnerabilities exist in the version of Log4j that is part of IBM SPSS Statistics Server. IBM SPSS Statistics Server has addressed the vulnerabilities.

CVE(s): CVE-2021-45105, CVE-2021-45046

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM SPSS Statistics Server 28.0.1
IBM SPSS Statistics Server 27.0.1
IBM SPSS Statistics Server 26.0
IBM SPSS Statistics Server 25.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6537184
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215647
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/215195

More stories

Security Bulletin: IBM Sterling Connect:Direct for UNIX is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)

May 24, 2022 | Critical Severity

IBM Sterling Connect:Direct for UNIX is affected but not classified as vulnerable to a remote code execution in Spring Framework (CVE-2022-22965) as it does not meet all of the following criteria: 1. JDK 9 or higher, 2. Apache Tomcat as the Servlet container, 3. Packaged as WAR (in contrast to a Spring Boot executable jar), 4. Spring-webmvc or spring-webflux dependency, 5. Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. The fix includes Spring 2.6.6. ...read more


Security Bulletin: IBM Tivoli Monitoring is vulnerable to remote code execution and denial of service due to multiple Expat CVEs

May 20, 2022 | Critical Severity

The libexpart parser that is used by IBM Tivoli Monitoring for parsing various configuration xml files and parsing soap requests is potentially vulnerable to the following remote code execution CVE's: CVE-2021-46143 CVE-2022-25314 CVE-2022-23990 CVE-2022-22825 CVE-2022-23852 CVE-2022-22824 CVE-2022-22823 CVE-2022-22826 CVE-2022-22827 CVE-2022-22822 CVE-2022-25315 and the following denial of service CVE's: CVE-2021-45960 CVE-2022-25236 CVE-2022-25235 CVE-2022-25313. Most of the vulnerabilities would require the system to be locally compromised such that a bad actor could modify file locally. ...read more


Security Bulletin: IBM Cloud Private is vulnerable to server-side request forgery due to Python (CVE-2021-29921)

May 20, 2022 | Critical Severity

There is a vulnerability in Python open source used by IBM Cloud Private for scripting. The vulnerability could be exploited by an attacker to conduct SSRF or local file include attacks. This bulletin identifies the security fixes to apply to address the Python vulnerability (CVE-2021-29921) ...read more