IBM is actively responding to the reported remote code execution vulnerability in the Apache Log4j 2 Java library dubbed Log4Shell (or LogJam).
The IBM SPSS Statistics Development team produced interim fixes for our currently supported versions that update the Log4j .jar files to version 2.17.1. This version resolves the CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 vulnerabilities.
- On 8 February 2022, IBM SPSS Statistics 18.104.22.168 was released incorporating the Log4j fixes found here. Update to SPSS Statistics 22.214.171.124(15) Windows or 126.96.36.199(14) macOS or the latest SPSS Statistics Subscription 188.8.131.52(15) Windows or 184.108.40.206(14) macOS.
- The fixes on this page are for supported versions before 220.127.116.11(14).
- These fixes are updated to include Log4j version 2.17.1.
- If you have downloaded fixes from this note before 18 January 2022 AND have deployed a version of IBM SPSS Statistics before release 18.104.22.168(192), download and apply these fixes.
- IBM SPSS Statistics On Prem
- IBM SPSS Statistics Desktop
- IBM SPSS Statistics Server
- IBM SPSS Statistics Subscription
- For example, if you have SPSS Statistics 27.0 deployed, update it to Statistics 27.0.1 before applying the associated interim fix.
- IBM SPSS Statistics 22.214.171.124 Modified Release 1 Fixpack 1 (version 126.96.36.199) has been released and incorporates the fixes on this page. Download and apply IBM SPSS Statistics 188.8.131.52.
- IBM SPSS Statistics Subscription updates via the "Help -> Check for updates" menu item and has recently been updated to incorporate the fixes found on this page. The interim fix found here applies to IBM SPSS Statistics Subscription release 184.108.40.206(142). The current release is 220.127.116.11(15) on Windows and 18.104.22.168(14) on macOS. Use the "Help -> Check for updates" menu and bring your IBM SPSS Statistics Subscription release to 22.214.171.124(15) Windows or 126.96.36.199(14) macOS.
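To confirm that a fix or update took effect, the following added example (not IBM tooling or code from this page) walks an installation directory you pass on the command line and flags any `log4j-core` or `log4j-api` jar below 2.17.1, the level this page says the fixes install. It assumes the version is recorded in the jar manifest's `Implementation-Version` field or, failing that, in the file name; the sample jars it builds when run without arguments are constructed.

```python
import re
import sys
import tempfile
import zipfile
from pathlib import Path

FIXED = (2, 17, 1)  # Log4j level this page says the interim fixes install
NAME_RE = re.compile(r"^log4j-(?:core|api)\b.*\.jar$", re.I)
VER_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")

def jar_version(jar):
    """Version from the jar manifest, falling back to the file name (assumption)."""
    text = ""
    try:
        with zipfile.ZipFile(jar) as zf:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        for line in manifest.splitlines():
            if line.lower().startswith("implementation-version:"):
                text = line.split(":", 1)[1]
    except (KeyError, zipfile.BadZipFile, OSError):
        pass  # no manifest or unreadable archive: use the file name instead
    m = VER_RE.search(text) or VER_RE.search(Path(jar).name)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def audit(root):
    """Return [(file name, version, meets_fixed_level)] for Log4j 2 jars under root."""
    rows = []
    for jar in sorted(Path(root).rglob("*.jar")):
        if NAME_RE.match(jar.name):
            version = jar_version(jar)
            rows.append((jar.name, version, version is not None and version >= FIXED))
    return rows

def make_sample_tree(root):
    """Constructed sample input: three small jars standing in for an install."""
    for name, manifest_version in [("log4j-core-2.17.1.jar", "2.17.1"),
                                   ("log4j-api-2.14.1.jar", None),
                                   ("log4j-core.jar", "2.16.0")]:
        with zipfile.ZipFile(Path(root) / name, "w") as zf:
            if manifest_version:
                zf.writestr("META-INF/MANIFEST.MF",
                            f"Manifest-Version: 1.0\r\nImplementation-Version: {manifest_version}\r\n")
            else:
                zf.writestr("placeholder.txt", "constructed")

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:
        make_sample_tree(root)
    for name, version, ok in audit(root):
        print(f"{'OK   ' if ok else 'STALE'} {name} {version}")
```

A jar reported as `STALE`, or with version `None`, is one to check by hand; Log4j 1.x jars use a different file name and are not covered by this check.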
If you do not know your current release and Fixpack level,
Fixpacks and Modified Releases:
03 March 2022