Weak Cryptographic Algorithms in IBM SPSS Statistics by IBM
CVE-2024-31896

5.9MEDIUM

Key Information:

Vendor: IBM
Status: Spss Statistics
Vendor: CVE Published:; 25 March 2025

What is CVE-2024-31896?

IBM SPSS Statistics versions 26.0, 27.0.1, 28.0.1, and 29.0.2 are affected by a vulnerability that arises from the use of cryptographic algorithms that do not meet the acceptable security standards. This weakness potentially allows unauthorized individuals to decrypt sensitive data, posing significant risks to data confidentiality and integrity.

Affected Version(s)

SPSS Statistics 26.0, 27.0.1, 28.0.1, 29.0.2

References

https://www.ibm.com/support/pages/node/7228971

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2025
Vulnerability Reserved
Apr 7, 2024