CVE-2018-1388Sensitive Information Exposure in IBM Websphere MQ

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 45.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Websphere MQ
Timeline
PublishedFeb 7
Latest updateMay 14

Description

GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. IBM X-Force ID: 138212.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/websphere_mq15 versions+14
NVDibm/websphere_mq15 versions+14

🔴Vulnerability Details

2
GHSA
GHSA-7mgx-r937-8jf6: GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding2022-05-14
CVEList
CVE-2018-1388: GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding2018-02-07
CVE-2018-1388 — Sensitive Information Exposure in IBM | cvebase