IBM Support

Apache Log4j CVE-2021-44228 vulnerability in IBM SPSS Modeler, IBM SPSS Analytic Server, and IBM SPSS Collaboration and Deployment Services

Troubleshooting


Problem

The popular log4j library security issues recently documented affect certain IBM SPSS Modeler, IBM SPSS Analytic Server, and IBM SPSS Collaboration and Deployment Services deployments.  
CVE-2021-44228 is known to affect log4j 2.0-2.14 that is used by the following products:
IBM SPSS Collaboration and Deployment Services 8.3 (Server, Remote Process Server, Remote Scoring Server, and Deployment Manager)
IBM SPSS Analytic Server 3.2.2 and 3.3
IBM SPSS Modeler 18.3, 18.2.2 (Client, Server, Batch, and Solution Publisher)
IBM SPSS Modeler Premium 18.3, 18.2.2
Patches for this issue are available for all affected components.

CVE-2021-4104 is reported to affect log4j 1.x (some sources state it affects strictly 1.2 while others are reporting 1.x).

Older versions of IBM SPSS Modeler (including Premium components), IBM SPSS Analytic Server, and IBM SPSS Collaboration and Deployment Services use various versions of log4j 1.x.  

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS69YH","label":"IBM SPSS Collaboration and Deployment Services"},"ARM Category":[{"code":"a8m0z0000001euWAAQ","label":"Collaboration and Deployment Services-\u003EKnown Issues"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.3.0"},{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSWLVY","label":"IBM SPSS Analytic Server"},"ARM Category":[{"code":"a8m0z000000CbaWAAS","label":"Analytic Server-\u003EFixes"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2.2;3.3.0"},{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS3RA7","label":"IBM SPSS Modeler"},"ARM Category":[{"code":"a8m50000000L2HaAAK","label":"Modeler-\u003EKnown defects"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"18.3.0"}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

Modified date:
03 April 2023

UID

ibm16526176

Page Feedback