3.7
CVE-2023-33855
- EPSS 0.07%
- Veröffentlicht 26.03.2024 14:15:07
- Zuletzt bearbeitet 25.07.2025 21:09:49
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Common Cryptographic Architecture information disclosure
Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Common Cryptographic Architecture Version >= 7.0.0 < 7.5.37
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.224 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@us.ibm.com | 3.7 | 2.2 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-385 Covert Timing Channel
Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.