CVE-2024-22340

Summary

IBM Common Cryptographic Architecture 7.0.0 through 7.5.51

could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack.

Affected Software

VendorProductVersion RangeStatus
IBMCommon Cryptographic Architecture7.0.0 <= 7.5.51affected
IBM4769 Developers Toolkit7.0.0 <= 7.5.51affected

Weaknesses

  • CWE-208: CWE-208 Observable Timing Discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References