Critical Severity

Security Bulletin: Multiple vulnerabilities in Spring Framework affect SPSS Collaboration and Deployment Services

Share this post:

There are multiple vulnerabilities in Spring Framework used by SPSS Collaboration and Deployment Services. SPSS Collaboration and Deployment Services is affected but not classified as vulnerable to these issues. The fix includes Spring 5.3.20.

CVE(s): CVE-2022-22950, CVE-2022-22965, CVE-2022-22970, CVE-2022-22968, CVE-2022-22971

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
SPSS Collaboration and Deployment Services 8.3
SPSS Collaboration and Deployment Services 8.2.2
SPSS Collaboration and Deployment Services 8.2.1
SPSS Collaboration and Deployment Services 8.2
SPSS Collaboration and Deployment Services 8.1.1
SPSS Collaboration and Deployment Services 8.1
SPSS Collaboration and Deployment Services 8.0

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6590869
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/223096
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/223103
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/226491
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/224374
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/226492

More stories

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in GnuPG [CVE-2022-3515 and CVE-2022-34903]

November 30, 2022 | Critical Severity

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of GnuPG. [CVE-2022-3515 and CVE-2022-34903] This has been addressed. ...read more


Security Bulletin: IBM Sterling Control Center is vulnerable to remote attack due to Apache Commons Text [CVE-2022-42889]

November 30, 2022 | Critical Severity

Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when using the interpolation defaults. IBM Sterling Control Center uses Apache Commons Text and the issue has been addressed. [CVE-2022-42889] ...read more


Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons Text [CVE-2022-42889]

November 30, 2022 | Critical Severity

IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache Commons Text. [CVE-2022-42889] This has been addressed. ...read more