CVE-2023-33850

Summary

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.

Affected Software

VendorProductVersion RangeStatus
IBMTXSeries for Multiplatforms8.1, 8.2, 9.1affected
IBMCICS TX Standard11.1affected
IBMCICS TX Advanced10.1, 11.1affected

Weaknesses

  • CWE-203: CWE-203 Observable Discrepancy

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References