Security Bulletin

 

Summary

Vulnerabilities related to encryption were found in older versions of the Java Runtime Environment (JRE). This Interim Fix (IF) addresses those problems. The IF covers all applicable Java SE CVEs published by Oracle as part of its April 2025 Critical Patch Update, plus CVE-2025-4447.

Vulnerability Details

CVEID:   CVE-2025-21587
DESCRIPTION:   An unspecified vulnerability in Java SE related to the Server: DDL component could allow a remote attacker to cause high confidentiality and high integrity impact.
CWE:   CWE-284: Improper Access Control
CVSS Base score:   7.4
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2025-30698
DESCRIPTION:   An unspecified vulnerability in Java SE related to the 2D component could allow a remote attacker to cause low confidentiality, low integrity and low availability impact.
CWE:   CWE-284: Improper Access Control
CVSS Base score:   5.6
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2025-4447
DESCRIPTION:   In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8, a stack-based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.
CWE:   CWE-121: Stack-based Buffer Overflow
CVSS Base score:   7
CVSS Vector:   (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
SPSS Statistics 27.0.1
SPSS Statistics 28.0.1
SPSS Statistics 29.0.2
SPSS Statistics 30.0.0
SPSS Statistics 31.0.0

Instructions in English

Uncompress and unzip the JRE fix below into a temporary folder, then read the Readme.txt file for detailed instructions in English for the following operating systems: Linux64, MacOS, pLinux64, Win64, zLinux64.

 

Installation instructions in Finnish - Windows:

 

Installation instructions in Finnish - Mac:

 

Remediation/Fixes

Version 27: 27.0.1.0-IM-S27STAT-ALL-IF031

Version 28: 28.0.1.1-IM-S28STAT-ALL-IF012

Version 29: 29.0.2.0-IM-S29STAT-ALL-IF016

Version 30: 30.0.0.0-IM-S30STAT-ALL-IF009

Version 31: 31.0.0.0-IM-S31STAT-ALL-IF001