Security Bulletin: IBM SPSS Analytic Server is affected by a jackson-core async parser DoS vulnerability (WS-2026-0003)

Summary IBM SPSS Analytic Server is affected by a jackson-core async parser DoS vulnerability WS-2026-0003. This has been addressed in the remediation section. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength...

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2024-29371, CVE-2025-14923)

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2024-29371, CVE-2025-14923. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can...

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty (CVE-2025-14914, CVE-2025-12635)

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in IBM WebSphere Application Server Liberty CVE-2025-14914, CVE-2025-12635. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-14914 DESCRIPTION: IBM WebSphere Application Server Liberty...

Security Bulletin: IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec (CVE-2025-67735)

Summary IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec CVE-2025-67735. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions...

Security Bulletin: IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika (CVE-2025-66516)

Summary IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika CVE-2025-66516. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-66516 DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and...

Security Bulletin: IBM SPSS Analytic Server is affected by XML External Entity injection vulnerability in Apache Tika (CVE-2025-54988)

Summary IBM SPSS Analytic Server is affected by XML External Entity injection vulnerability in Apache Tika CVE-2025-54988. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-54988 DESCRIPTION: Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika...

Security Bulletin: IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty Codec (CVE-2025-58056, CVE-2025-55163, CVE-2025-58057).

Summary IBM SPSS Analytic Server is affected by multiple vulnerabilities in Netty Codec CVE-2025-58056, CVE-2025-55163, CVE-2025-58057. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-55163 DESCRIPTION: Netty is an asynchronous, event-driven network...

Security Bulletin: Multiple vulnerabilities disclosed in Netty affect IBM SPSS Analytic Server

Summary Multiple vulnerabilities disclosed in Netty affect IBM SPSS Analytic Server CVE-2025-24970, CVE-2025-25193. These have been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-24970 DESCRIPTION: Netty, an asynchronous, event-driven network application framework, has...

Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM SPSS Analytic Server (CVE-2023-38737)

Summary Denial of Service vulnerability in WebSphere Liberty affects IBM SPSS Analytic Server CVE-2023-38737. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-38737 DESCRIPTION: IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerab...

Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM SPSS Analytic Server (CVE-2024-40094)

Summary Denial of Service vulnerability in WebSphere Liberty affects IBM SPSS Analytic Server. This vulnerabilitiy has been addressed. Please read the details for remediation below. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

Security Bulletin: IBM SPSS Analytic Server is vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)

Summary IBM SPSS Analytic Server is vulnerable to an XML External Entity XXE injection vulnerability CVE-2024-22354. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM SPSS Analytic...

Security Bulletin: Multiple vulnerabilities in WebSphere Application Server Liberty may affect IBM SPSS Analytic Server

Summary Multiple vulnerabilities in WebSphere Application Server Liberty may affect IBM SPSS Analytic Server CVE-2024-7254, CVE-2023-50314 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|-...

Security Bulletin: IBM SPSS Analytic Server is affected by netty vulnerability (CVE-2024-29025)

Summary IBM SPSS Analytic Server uses netty-codec-http-4.1.100.Final.jar which is vulnerable to CVE-2024-29025. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network...

Security Bulletin: Multiple vulnerabilities may affect IBM SPSS Analytic Server

Summary Multiple vulnerabilities in IBM WebSphere Application Server Liberty were addressed in IBM SPSS Analytic Server. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM SPSS Analyt...

Security Bulletin: IBM SPSS Analytic Server has addressed multiple security vulnerabilities (CVE-2022-48285, CVE-2022-48285)

Summary IBM SPSS Analytic Server has addressed multiple security vulnerabilities CVE-2022-48285, CVE-2022-48285 Vulnerability Details CVEID:CVE-2022-48285 DESCRIPTION: JSZip could allow a remote attacker to traverse directories on the system, caused by the failure to sanitize filenames when files...

Security Bulletin: IBM SPSS Analytic Server is affected by vulnerability in Netty (CVE-2022-41915)

Summary Netty is used by IBM SPSS Analytic Server. The latest patch includes Netty 4.1.109.Final to fix the vulnerability. Vulnerability Details CVEID:CVE-2022-41915 DESCRIPTION: Netty is vulnerable to HTTP response splitting attacks, caused by a flaw when calling DefaultHttpHeaders.set with an...

Security Bulletin: IBM SPSS Analytic Server is vulnerable to a privilege escalation due to RESTEasy (CVE-2023-0482)

Summary IBM SPSS Analytic Server is vulnerable to a privilege escalation due to RESTEasy CVE-2023-0482 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM SPSS Analytic Server| 3.5...

Security Bulletin: IBM SPSS Analytic Server is vulnerable to HTTP header injection(CVE-2022-34165)

Summary IBM SPSS Analytic Server uses IBM WebSphere Application Server Liberty which is vulnerabile to a HTTP header injection vulnerability. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-34165 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and...

Security Bulletin: Apache Commons Configuration Vulnerability affects IBM SPSS Analytic Server [CVE-2022-33980]

Summary There is a vulnerability in the version of Apache Commons Configuration that was included in IBM SPSS Analytic Server. This vulnerability has been addressed. CVE-2022-33980 Vulnerability Details CVEID:CVE-2022-33980 DESCRIPTION: Apache Commons Configuration could allow a remote attacker t...

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to Identity Spoofing (CVE-2022-22476)

Summary There is a vulnerability in the version of IBM WebSphere Application Server Liberty that was included in IBM SPSS Analytic Server. This vulnerability has been addressed. CVE-2022-22476 Vulnerability Details CVEID:CVE-2022-22476 DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0....