CVE-2023-33850

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7010369	Vendor Advisory
https://www.ibm.com/support/pages/node/7022413	Vendor Advisory
https://www.ibm.com/support/pages/node/7022414	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/257132
https://www.ibm.com/support/pages/node/7010369	Vendor Advisory
https://www.ibm.com/support/pages/node/7022413	Vendor Advisory
https://www.ibm.com/support/pages/node/7022414	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:txseries_for_multiplatform:8.1:::::::*
	cpe:2.3:a:ibm:txseries_for_multiplatform:9.1:::::::*

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:ibm:txseries_for_multiplatform:8.2:*:*:*:*:*:*:*

OR	cpe:2.3:o:hp:hp-ux:-:::::::*
	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:ibm:cics_tx:10.1::::advanced:::
	cpe:2.3:a:ibm:cics_tx:11.1::::advanced:::

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-08-22 21:15

Updated : 2024-11-21 08:06

NVD link : CVE-2023-33850

Mitre link : CVE-2023-33850

CVE.ORG link : CVE-2023-33850

JSON object : View

Products Affected

ibm

cics_tx
txseries_for_multiplatform
aix

hp

hp-ux

linux

linux_kernel

microsoft

windows

CWE

CWE-203

Observable Discrepancy

{"id": "CVE-2023-33850", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-08-22T21:15:07.837", "references": [{"url": "https://www.ibm.com/support/pages/node/7010369", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7022413", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/7022414", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257132", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/7010369", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/7022413", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/7022414", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-203"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information."}], "lastModified": "2024-11-21T08:06:04.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:txseries_for_multiplatform:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D5EA02F-AA81-4101-9CE2-46ED4DE76B25"}, {"criteria": "cpe:2.3:a:ibm:txseries_for_multiplatform:9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "569BF866-989C-4BF4-B80E-962F8979FD8B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:txseries_for_multiplatform:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB032B5B-3B05-4809-8BF2-E08255E19475"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C"}, {"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*", "vulnerable": true, "matchCriteriaId": "66EEC046-128D-4555-8C9A-3C02300145B5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*", "vulnerable": true, "matchCriteriaId": "73BBDE39-E8CF-416C-838D-046ADDA011F8"}, {"criteria": "cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*", "vulnerable": true, "matchCriteriaId": "A9D7FDA3-EE60-453B-8651-686B9D28071F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}