CVE-2023-33850

CWE-2033 documents3 sources
Severity
7.5HIGH
EPSS
0.0%
top 86.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
IBM Cics TX AdvancedIBM Cics TX StandardIBM Txseries FOR Multiplatforms+2 more
Timeline
PublishedAug 22

Description

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

NVDibm/cics_tx10.1, 11.1+1
NVDibm/txseries8.1, 8.2, 9.1+2
CVEListV5ibm/cics_tx_advanced10.1, 11.1
CVEListV5ibm/cics_tx_standard11.1
CVEListV5ibm/txseries_for_multiplatforms8.1, 8.2, 9.1

🔴Vulnerability Details

2
GHSA
GHSA-xxxm-cq2q-5v69: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementa2023-08-22
CVEList
IBM GSKit-Crypto information disclosure2023-08-22