VYPR
← All advisories
Medium severity4.0NVD Advisory· Published Feb 15, 2016· Updated May 6, 2026

CVE-2015-4991

CVE-2015-4991

Description

IBM SPSS Modeler stores cleartext data in memory dumps, allowing local users to read sensitive information from dump files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM SPSS Modeler stores cleartext data in memory dumps, allowing local users to read sensitive information from dump files.

Vulnerability

IBM SPSS Modeler versions 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, and 17.1 through IF008 store unspecified cleartext data in memory dumps. This affects all listed versions and earlier fix packs [1].

Exploitation

An attacker with local access to the system can read a memory dump file generated by the Modeler executables. No authentication or user interaction beyond local system access is required [1].

Impact

Successful exploitation allows a local attacker to obtain sensitive information (cleartext data) from the memory dump, which could aid in further attacks against the system. The confidentiality impact is low [1].

Mitigation

IBM has released fix packs for each affected version: 14.2 FP3 IF028, 15 FP3 IF016, 16 FP2 IF013, 17 FP1 IF019, and 17.1 IF009. No workarounds are available [1].

References
  1. Security Bulletin: Memory dump from Modeler executables contains cleartext strings (CVE-2015-4991)

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

15
  • IBM/Spss Modeler15 versions
    cpe:2.3:a:ibm:spss_modeler:14.2.0.0:*:*:*:*:*:*:*+ 14 more
    • cpe:2.3:a:ibm:spss_modeler:14.2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:spss_modeler:14.2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:spss_modeler:14.2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:spss_modeler:14.2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:spss_modeler:15.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:spss_modeler:15.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:spss_modeler:15.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:spss_modeler:15.0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:spss_modeler:16.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:spss_modeler:16.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:spss_modeler:16.0.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:spss_modeler:17.0.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:spss_modeler:17.0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:ibm:spss_modeler:17.1.0.0:*:*:*:*:*:*:*
    • (no CPE)range: 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, 17.1 through IF008

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.