Description
IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117.
References (2)
Core 2
Core References
Broken Link, Patch, Vendor Advisory vendor-advisory
https://https://www.ibm.com/support/pages/node/7004299
VDB Entry, Vendor Advisory vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/256117
Scores
CVSS v3
6.2
EPSS
0.0003
EPSS Percentile
7.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
Status
published
Products (6)
ibm/spss_modeler
17.0
ibm/spss_modeler
18.0
ibm/spss_modeler
18.2.2
ibm/spss_modeler
18.3
ibm/spss_modeler
18.4
ibm/spss_modeler
18.5
Published
Jun 22, 2023
Tracked Since
Feb 18, 2026