7.5

CVE-2023-33850

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmTxseries For Multiplatform Version8.1
   IbmAix Version-
   LinuxLinux Kernel Version-
IbmTxseries For Multiplatform Version9.1
   IbmAix Version-
   LinuxLinux Kernel Version-
IbmTxseries For Multiplatform Version8.2
   HpHp-ux Version-
   IbmAix Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
IbmCics Tx Version11.1 SwEditionstandard
   LinuxLinux Kernel Version-
IbmCics Tx Version10.1 SwEditionadvanced
   LinuxLinux Kernel Version-
IbmCics Tx Version11.1 SwEditionadvanced
   LinuxLinux Kernel Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.134
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
psirt@us.ibm.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.