Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics

2020-10-2221:58:28

www.ibm.com

0.001 Low

EPSS

Percentile

28.5%

JSON

Summary

There is a vulnerability in IBM® Runtime Environment Java™ Versions 7.0, 7.1, and 8.0 used by IBM SPSS Statistics. IBM SPSS Statistics has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2020-2590
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174538 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
SPSS Statistics	27.0
SPSS Statistics	26.0
SPSS Statistics	25.0
SPSS Statistics	24.0
SPSS Statistics	23.0

Remediation/Fixes

Affected Products	Versions	Fixes
SPSS Statistics	27.0	Install Statistics 27 GA-IF003
SPSS Statistics	26.0	Install Statistics 26 FP001-IF009
SPSS Statistics	25.0	Install Statistics 25 FP002-IF010
SPSS Statistics	24.0	Install Statistics 24 FP002-IF023
SPSS Statistics	23.0	Install Statistics 23 FP003-IF021

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm spss statisticseq23.0.0.3
ibm spss statisticseq24.0.0.2
ibm spss statisticseq25.0.0.2
ibm spss statisticseq26.0.0.1
ibm spss statisticseq27.0.0.0
ibm spss statisticseq27.0.1

Name	Operator	Version
ibm spss statistics	eq	23.0.0.3
ibm spss statistics	eq	24.0.0.2
ibm spss statistics	eq	25.0.0.2
ibm spss statistics	eq	26.0.0.1
ibm spss statistics	eq	27.0.0.0
ibm spss statistics	eq	27.0.1