
CVE-2024-31896

Severity: Medium
Published: 25 March 2025
Modified: 18 August 2025
KEV Added: not listed
Patch: see vendor advisory
CVSS Score v3.1: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0009 (25.0th percentile)
Risk Priority: 12 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-31896 is a medium-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in IBM SPSS Statistics. Its CVSS base score is 5.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE is ranked at the 25.0th percentile by EPSS exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-31896 is a cryptographic weakness (CWE-327: Use of a Broken or Risky Cryptographic Algorithm) in IBM SPSS Statistics versions 26.0, 27.0.1, 28.0.1, and 29.0.2. The affected software uses weaker-than-expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Published on 2025-03-25, it carries a CVSS v3.1 base score of 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N); the medium severity rating is driven primarily by the high confidentiality impact.

A remote network attacker (AV:N) with no privileges (PR:N) or user interaction (UI:N) required could exploit this vulnerability, though it demands high attack complexity (AC:H). Successful exploitation would result in high confidentiality impact (C:H), enabling the decryption of highly sensitive information stored or transmitted by the affected SPSS Statistics installations, with no integrity or availability disruption.

IBM provides details on the vulnerability, affected versions, and remediation steps in their security advisory at https://www.ibm.com/support/pages/node/7228971.


Vulnerability details

IBM SPSS Statistics 26.0, 27.0.1, 28.0.1, and 29.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CWE(s)

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1005 Data from Local System (tactic: Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1040 Network Sniffing (tactic: Credential Access)
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.
Why these techniques?

The cryptographic weakness allows decryption of sensitive information stored or transmitted by the software, directly facilitating data collection from local systems (T1005) and network sniffing (T1040) to obtain that information.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-27256 (same vendor: IBM)
CVE-2024-22347 (same vendor: IBM)
CVE-2025-14480 (same vendor: IBM)
CVE-2024-43187 (same vendor: IBM)
CVE-2024-28766 (same vendor: IBM)
CVE-2026-0977 (same vendor: IBM)
CVE-2025-13108 (same vendor: IBM)
CVE-2025-1722 (same vendor: IBM)
CVE-2025-0162 (same vendor: IBM)
CVE-2026-4788 (same vendor: IBM)

Affected Assets

Vendor: ibm
Product: spss statistics
Versions: 26.0.0.0, 27.0.1.0, 28.0.1.0, 29.0.2.0

Mitigating Controls (NIST 800-53 r5, AI-assisted mapping)

Prevent (SC-13 Cryptographic Protection): Mandates implementation of approved cryptographic mechanisms to protect the confidentiality of sensitive information, directly countering the use of weak algorithms in IBM SPSS Statistics.

Prevent (SI-2 Flaw Remediation): Requires timely identification, reporting, and correction of flaws such as this cryptographic weakness, via patching as detailed in the IBM security advisory.

Prevent: Enforces NIST-approved cryptographic key establishment and management processes, which inherently require strong algorithms and so mitigate the risk from weak cryptography.

References

IBM security advisory for CVE-2024-31896: https://www.ibm.com/support/pages/node/7228971