Cyber Posture

CVE-2024-31896

Medium

Published: 25 March 2025
Modified: 18 August 2025
KEV Added: not listed
Patch: see the IBM security advisory linked below
CVSS Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0009 (24.8th percentile)
Risk Priority: 12 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-31896 is a medium-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in IBM SPSS Statistics. Its CVSS base score is 5.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). EPSS ranks it at the 24.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and one other technique, Network Sniffing (T1040). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SC-13 Cryptographic Protection (prevent)
Mandates implementation of approved cryptographic mechanisms to protect the confidentiality of sensitive information, directly countering the use of weak algorithms in IBM SPSS Statistics.

SI-2 Flaw Remediation (prevent)
Requires timely identification, reporting, and correction of flaws like this cryptographic weakness via patching, as detailed in the IBM security advisory.

SC-12 Cryptographic Key Establishment and Management (prevent)
Enforces NIST-approved cryptographic key establishment and management processes that inherently require strong algorithms, mitigating risks from weak crypto usage.

MITRE ATT&CK Enterprise Techniques

T1005 Data from Local System (tactic: Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1040 Network Sniffing (tactic: Credential Access)
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.

Why these techniques?

The cryptographic weakness allows decryption of sensitive information stored or transmitted by the software, directly facilitating data collection from local systems (T1005) and network sniffing (T1040) to obtain that information.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

Deeper analysis

CVE-2024-31896 is a cryptographic weakness (CWE-327: Broken or Risky Cryptographic Algorithm) in IBM SPSS Statistics versions 26.0, 27.0.1, 28.0.1, and 29.0.2. The affected software uses weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Published on 2025-03-25, it carries a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating medium severity primarily due to high confidentiality impact.

A remote network attacker (AV:N) with no privileges (PR:N) and no user interaction (UI:N) required could exploit this vulnerability, though it demands high attack complexity (AC:H). Successful exploitation would result in high confidentiality impact (C:H), enabling the decryption of highly sensitive information stored or transmitted by the affected SPSS Statistics installations, with no integrity or availability impact.

IBM provides details on the vulnerability, affected versions, and remediation steps in their security advisory at https://www.ibm.com/support/pages/node/7228971.

Details

CWE(s)

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

Affected Products

Vendor: IBM
Product: SPSS Statistics
Versions: 26.0.0.0, 27.0.1.0, 28.0.1.0, 29.0.2.0

CVEs Like This One

CVE-2025-14480 (same vendor: IBM)
CVE-2024-22347 (same vendor: IBM)
CVE-2024-27256 (same vendor: IBM)
CVE-2026-0977 (same vendor: IBM)
CVE-2025-1722 (same vendor: IBM)
CVE-2025-13108 (same vendor: IBM)
CVE-2024-56340 (same vendor: IBM)
CVE-2025-0162 (same vendor: IBM)
CVE-2026-1567 (same vendor: IBM)
CVE-2026-4788 (same vendor: IBM)

References

IBM security advisory: https://www.ibm.com/support/pages/node/7228971