Vulnerability Description
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Txseries For Multiplatform | 8.1 |
| Ibm | Aix | - |
| Linux | Linux Kernel | - |
| Hp | Hp-Ux | - |
| Microsoft | Windows | - |
| Ibm | Cics Tx | 11.1 |
Related Weaknesses (CWE)
References
- https://www.ibm.com/support/pages/node/7010369Vendor Advisory
- https://www.ibm.com/support/pages/node/7022413Vendor Advisory
- https://www.ibm.com/support/pages/node/7022414Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/257132
- https://security.netapp.com/advisory/ntap-20241108-0002/
- https://www.ibm.com/support/pages/node/7010369Vendor Advisory
- https://www.ibm.com/support/pages/node/7022413Vendor Advisory
- https://www.ibm.com/support/pages/node/7022414Vendor Advisory
FAQ
What is CVE-2023-33850?
CVE-2023-33850 is a vulnerability with a CVSS score of 7.5 (HIGH). IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial m...
How severe is CVE-2023-33850?
CVE-2023-33850 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-33850?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Txseries For Multiplatform, Ibm Aix, Linux Linux Kernel, Hp Hp-Ux, Microsoft Windows.