Vulnerability Details : CVE-2023-33850
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.
Products affected by CVE-2023-33850
- cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*
- cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*
- cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*
- cpe:2.3:a:ibm:txseries_for_multiplatform:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:txseries_for_multiplatform:8.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:txseries_for_multiplatform:9.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-33850
- 0.20%: Probability of exploitation activity in the next 30 days
- ~58%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-33850
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | IBM Corporation | |
CWE ids for CVE-2023-33850
- The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
  Assigned by:
  - nvd@nist.gov (Secondary)
  - psirt@us.ibm.com (Primary)
References for CVE-2023-33850
- https://exchange.xforce.ibmcloud.com/vulnerabilities/257132
  IBM GSKit-Crypto information disclosure CVE-2023-33850 Vulnerability Report (VDB Entry; Vendor Advisory)
- https://www.ibm.com/support/pages/node/7022414
  Security Bulletin: "Timing Oracle in RSA Decryption" issue may affect GSKit shipped with IBM CICS TX Advanced (Vendor Advisory)
- https://www.ibm.com/support/pages/node/7022413
  Security Bulletin: "Timing Oracle in RSA Decryption" issue may affect GSKit shipped with IBM CICS TX Standard (Vendor Advisory)
- https://www.ibm.com/support/pages/node/7010369
  Security Bulletin: Timing Oracle in RSA Decryption vulnerability might affect GSKit supplied with IBM TXSeries for Multiplatforms. (Vendor Advisory)