CVE-2024-31896

Summary

IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Affected Software

VendorProductVersion RangeStatus
IBMSPSS Statistics26.0affected
IBMSPSS Statistics27.0.1affected
IBMSPSS Statistics28.0.1affected
IBMSPSS Statistics29.0.2affected

Weaknesses

  • CWE-327: CWE-327 Use of a Broken or Risky Cryptographic Algorithm

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References