Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-33850

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.

Published

2023-08-22T21:15:07.837

Last Modified

2024-11-21T08:06:04.500

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-203
Type: Secondary
CWE-203

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ibm	txseries_for_multiplatform	8.1	Yes
Application	ibm	txseries_for_multiplatform	9.1	Yes
Operating System	ibm	aix	-	No
Operating System	linux	linux_kernel	-	No
Application	ibm	txseries_for_multiplatform	8.2	Yes
Operating System	hp	hp-ux	-	No
Operating System	ibm	aix	-	No
Operating System	linux	linux_kernel	-	No
Operating System	microsoft	windows	-	No
Application	ibm	cics_tx	11.1	Yes
Operating System	linux	linux_kernel	-	No
Application	ibm	cics_tx	10.1	Yes
Application	ibm	cics_tx	11.1	Yes
Operating System	linux	linux_kernel	-	No

References

https://www.ibm.com/support/pages/node/7010369 Vendor Advisory ([email protected])
https://www.ibm.com/support/pages/node/7022413 Vendor Advisory ([email protected])
https://www.ibm.com/support/pages/node/7022414 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/257132 (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/pages/node/7010369 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/pages/node/7022413 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.ibm.com/support/pages/node/7022414 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)