IBM SPSS Statistics
cpe:2.3:a:ibm:spss_statistics:*:*:*:*:*:*:*
- 26.0
- 27.0.1
- 28.0.1
- 29.0.2
A vulnerability exists in IBM SPSS Statistics versions 26.0, 27.0.1, 28.0.1, and 29.0.2, where weaker than expected cryptographic algorithms could enable an attacker to decrypt highly sensitive information. This issue arises because the Statistics server supports SHA-1 cipher suites, which were deprecated by NIST in 2011. Attacks against SHA-1 were only theoretical until 2017, but practical attacks since then have made its use risky.
Exploitation of this vulnerability could lead to the decryption of highly sensitive information, allowing unauthorized access to confidential data.
Users of IBM SPSS Statistics versions 27.0.1, 28.0.1, and 29.0.2 can upgrade to the latest patched versions. Those on version 26.0 can request a free upgrade to version 27 by contacting IBM Support.
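To confirm after an upgrade that a server no longer accepts SHA-1 suites, the list of suites it accepted (as reported by whatever TLS scanner is in use) can be classified by name. The following is an added example, not IBM's code or part of the advisory; it assumes the suites are TLS cipher suites named in IANA or OpenSSL style, and the suite list is constructed sample input.

```python
import re

# Hash token at the end of a suite name, IANA (TLS_..._SHA) or OpenSSL (...-SHA) style.
_TAIL = re.compile(r"[_-](SHA\d*|MD5)$", re.IGNORECASE)


def suite_hash(name):
    """Return the trailing hash token of a suite name, or None if there is none."""
    m = _TAIL.search(name.strip())
    return m.group(1).upper() if m else None


def uses_sha1(name):
    """True when the suite name ends in SHA-1 (written 'SHA' or 'SHA1').

    SHA256/SHA384 suffixes are different hashes and must not be flagged;
    AEAD suites such as ...-CHACHA20-POLY1305 carry no hash suffix at all.
    """
    return suite_hash(name) in ("SHA", "SHA1")


def audit(accepted):
    """Split a server's accepted suites into (sha1_suites, other_suites)."""
    weak = [s for s in accepted if uses_sha1(s)]
    other = [s for s in accepted if not uses_sha1(s)]
    return weak, other


# Constructed sample: suites a hypothetical unpatched server accepted.
ACCEPTED_SAMPLE = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",           # IANA name, HMAC-SHA1
    "ECDHE-RSA-AES256-SHA",                   # OpenSSL name, HMAC-SHA1
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",  # SHA-256, not SHA-1
    "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_AES_256_GCM_SHA384",
    "ECDHE-RSA-CHACHA20-POLY1305",
]

if __name__ == "__main__":
    weak, other = audit(ACCEPTED_SAMPLE)
    for s in weak:
        print("SHA-1 suite still accepted:", s)
    print(f"{len(weak)} SHA-1 suite(s), {len(other)} other suite(s)")
```

An empty first list for the upgraded server is the result to look for.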