4.7

CVE-2021-0001

Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IntelIntegrated Performance Primitives Cryptography Version2019 Updateupdate_1
IntelIntegrated Performance Primitives Cryptography Version2019 Updateupdate_2
IntelIntegrated Performance Primitives Cryptography Version2019 Updateupdate_3
IntelIntegrated Performance Primitives Cryptography Version2019 Updateupdate_4
IntelSgx Dcap SwPlatformlinux Version <= 1.10.100.4
IntelSgx Dcap SwPlatformwindows Version <= 1.10.100.4
IntelSgx Psw SwPlatformwindows Version <= 2.12.100.4
IntelSgx Psw SwPlatformlinux Version <= 2.13.100.4
IntelSgx Sdk SwPlatformwindows Version <= 2.12.100.4
IntelSgx Sdk SwPlatformlinux Version <= 2.13.100.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.291
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.