← Back

CVE-2023-33850

nvd nist
Published: Aug 22, 2023Modified: Nov 3, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.

Affected (6)

Ibm
2 products
Txseries For Multiplatform
Cics Tx
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Txseries For Multiplatform
Version 8.1
Txseries For Multiplatform
Version 9.1
Configuration B
1 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Txseries For Multiplatform
Version 8.2
Running on/withPlatform Versions
Hp
Hp Ux
All versions
Ibm
Aix
All versions
Microsoft
Windows
All versions
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Cics Tx
Version 11.1
Configuration D
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ibm
Cics Tx
Version 10.1
Cics Tx
Version 11.1
Running on/withPlatform Versions
Linux
Linux Kernel
All versions

Related CWEs

CWE-203
Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References (8)

Source: psirt@us.ibm.com
Vendor Advisory
Source: psirt@us.ibm.com
Vendor Advisory
Source: psirt@us.ibm.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.