CVE-2023-33855

Summary

Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676.

Affected Software

VendorProductVersion RangeStatus
IBMCommon Cryptographic Architecture7.0.0 <= 7.5.36affected

Weaknesses

  • CWE-385: CWE-385 Covert Timing Channel

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References