Coming to campus? Visit this page for important information.

Security vulnerability for SPSS users

SPSS CLIENT INTERIM FIX INSTRUCTIONS
IBM remediation for this security vulnerability is found in this IBM Tech Note with instructions and downloads to interim fixes: https://www.ibm.com/support/pages/node/6525830

Please note that before the interim fix (Fixpack) can be applied, the SPSS version must be fully patched. For example, if you have SPSS Statistics 27.0 deployed, you must first update it to Statistics 27.0.1 before applying the associated interim fix.

SPSS CONCURRENT LICENSE MANAGER UTILITY
SPSS Concurrent License Manager utility is not affected by this vulnerability. IBM SPSS leverages Sentinel RMS software and the developer has released a statement that confirms their infrastructure, applications, products, and services aren’t vulnerable to the CVE-2021-44228 exploit.
https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability/

For additional information, here is a link to IBM’s general update on the Apache Log4j CVE-2021-44228 vulnerability:
https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/

For SPSS support, please contact spss@orion.on.ca. An ORION rep will respond to your inquiry within a half-business day Monday to Friday 9 am to 5 pm Eastern, excluding public holidays and limited support during Christmas-New Years.