Skip to main content

Verifying SPSS Log4j Vulnerability Fix - Knowledgebase / Software - OIT Service Center

Verifying SPSS Log4j Vulnerability Fix

Brown’s Office of Information Technology (OIT) has recently learned that IBM’s SPSS Statistics application is vulnerable to the “log4j'' exploit, which can allow unauthorized users to take over your Windows or Mac computer. Starting on January 24, OIT is automatically updating the susceptible SPSS files on Brown-managed Mac and Windows computers, so you do not need to take action. If your computer is not in Brown’s management systems, and you have SPSS installed on your computer, please visit software.brown.edu, click the link for your version of SPSS (25 through 27) and follow the instructions to install the fix manually from the links in the right-hand menu.

If you are running SPSS 24 or below, you should upgrade your software to current/supported versions from software.brown.edu.

To check if your system has been updated:

For Windows:

1.  Click Start Menu

2.  Type File Explorer and hit enter

3.  Click on "This PC" on the left pane

4.  Browse to the folder location based on your version of the software (25, 26, or 27)

For MacOS: 

1.  Open Finder

2.  Click on Applications

3.  Locate "SPSS Statistics.app" (This will be nested in at least one folder labeled "IBM")

4. Right click on SPSS Statistics.app and select "Show Package Contents" to browse to the folder path defined below. 

Folder LocationFiles to look for
Version 25:
Windows:  C:\Program Files\IBM\SPSS\Statistics\25\
Mac:  Applications/IBM/SPSS/Statistics/25/SPSSStatistics.app/Contents/bin/
log4j-1.2-api-2.16.0.jar
log4j-api-2.16.0.jar
log4j-core-2.16.0.jar
Version 26:
Windows:  C:\Program Files\IBM\SPSS\Statistics\26\
Mac:  Applications/IBM/SPSS/Statistics/26/SPSSStatistics.app/Contents/bin/
log4j-1.2-api-2.16.0.jar
log4j-api-2.16.0.jar
log4j-core-2.16.0.jar
Version 27:
Windows:  C:\Program Files\IBM\SPSS\Statistics\27\
Mac:  Applications/IBM SPSS Statistics 27/SPSS Statistics.app/Contents/bin/
log4j-1.2-api-2.16.0.jar
log4j-api-2.16.0.jar
log4j-core-2.16.0.jar


If these files are present in the noted location, your computer has been patched for the SPSS Log4j vulnerability


Helpful Unhelpful

0 of 1 people found this page helpful

Send us a note about this article

Contact the OIT Service Center

Phone: 401-863-4357

Email: help@brown.edu

Location: Page Robinson Hall - 69 Brown St., Room 510

See our availability

https://it.brown.edu/get-help

Walk-ins Welcome! Appointments recommended.

For reserved service for a technical consult or a loaner check-out, you can schedule an appointment here.