Fix Readme
Abstract
A vulnerability in the IBM SPSS Statistics installer could allow a non-admin user with local access to corrupt single files in the file system.
Content
A non-admin user with local login could make use of an IBM SPSS installation directory during install/re-install of the software to corrupt single files within the file system.
To avoid this issue, check for the existence of the "C:\ProgramData\SPSS" and delete it prior to installing or re-installing the IBM SPSS Statistics Software.
- The software in no longer vulnerable after installation.
- The software in no longer vulnerable after installation.
- IBM SPSS Statistics 28.0 and later are not vulnerable.
For complete avoidance of this issue, upgrade to IBM SPSS Statistics 28.0 or later.
For more detailed information about this vulnerability please see CVE-2021-38959
[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSLVMB","label":"IBM SPSS Statistics"},"ARM Category":[{"code":"a8m500000008Ty6AAE","label":"Statistics-\u003EInstallation"}],"Platform":[{"code":"PF033","label":"Windows"}],"Version":"19.0.0;20.0.0;21.0.0;22.0.0;23.0.0;24.0.0;25.0.0;26.0.0;27.0.0;27.0.1"}]
Was this topic helpful?
Document Information
Modified date:
16 November 2021
UID
ibm16489289