Issue:
IBM have informed us of a combination of two flaws in the Java Secure Socket Extension (JSSE) component and the IBMJCEPlus* security provider that exposes some IBM Java releases to various cryptographic attacks when acting as a Transport Layer Security (TLS) server.
*The IBMJCEPlus and IBMJCEPlusFIPS cryptographic providers are implementations of the Java™ Cryptography Extensions (JCE) APIs, which include, for example: ciphers, signatures, message digests, MACs and HMACs, secure random number generation, and key generation.
Solution:
IBM SPSS Statistics is not directly affected, but IBM have issued an Interim Fix (i.e. a patch) for the relevant versions. This Interim Fix updates the Java Runtime Environment (JRE) of each major SPSS Statistics release (27.0.1, 28.0.1, and 29.0.2).
The direct links for the Interim Fixes are below. These are zip files, so you’ll need to uncompress them once downloaded. Instructions for applying the Interim Fix are in the Readme text file included in the download.