SPSS Statistics

 View Only
  • 1.  Install interim fix 22.0.0.2-10

    Posted Wed May 03, 2023 09:31 AM

    I don't see a download for Windows for the IBM SPSS Statstics - Install interim fix 22.0.0.2-10.

    Security Bulletin: Privilege escalation coverage gap in IBM SPSS Statistics (CVE-2015-7489)

    Is there a Windows download?  Or a later interim fix that covers this CVE?



    ------------------------------
    Jay Griffin
    ------------------------------


  • 2.  RE: Install interim fix 22.0.0.2-10

    Posted Mon May 15, 2023 03:38 PM
    Edited by David Dwyer Mon May 15, 2023 03:38 PM

    Hi @Jay Griffin 

    According to the link you supply, it doesn't look like an interim fix was created for Statistics 22.0.0.2 on Windows.  Ordinarily, I would expect that once a fix was found in code, then it would be incorporated into the next release.  But this link also has a fix for Statistics 23.0.0.2 posted.  So this must have been something reported against IBM SPSS Statistics 23.0 and then a fix was back-ported to 22.0.

    IBM SPSS Statistics 22.0 reached End of Support 2019-09-30
    IBM SPSS Statistics 23.0 reached End of Support 2020-09-30

    The next releases, where the above fixes would have been added as part of the next release have themselves reached End of Support.  There is no further development activity of any kind on these releases.

    IBM SPSS Statistic 24.0 reached End of Support 2021-09-30
    IBM SPSS Statistic 25.0 reached End of Support 2022-09-30
    IBM SPSS Statistic 26.0 will reach End of Support 2023-09-30

    My strongest recommendation for averting this CVE is for you to install the current release, IBM SPSS Statistics 29.0.1.0



    ------------------------------
    David Dwyer
    SPSS Technical Support
    IBM Software
    ------------------------------