CVE-2023-33850
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IBM | TXSeries for Multiplatforms | 8.1, 8.2, 9.1 | affected |
| IBM | CICS TX Standard | 11.1 | affected |
| IBM | CICS TX Advanced | 10.1, 11.1 | affected |
Weaknesses
- CWE-203: CWE-203 Observable Discrepancy
ADP Enrichment
CVE Program Container
Additional References
- https://www.ibm.com/support/pages/node/7010369
- https://www.ibm.com/support/pages/node/7022413
- https://www.ibm.com/support/pages/node/7022414
- https://exchange.xforce.ibmcloud.com/vulnerabilities/257132
- https://security.netapp.com/advisory/ntap-20241108-0002/
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://www.ibm.com/support/pages/node/7010369
- https://www.ibm.com/support/pages/node/7022413
- https://www.ibm.com/support/pages/node/7022414
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.