exploitDog

CVE-2023-32342

Опубликовано: 30 мая 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 255828.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/255828
VDB Entry
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/255828
VDB Entry
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:http_server:*:*:*:*:*:*:*:*

Версия от 8.5.0.0 (включая) до 8.5.5.24 (исключая)

cpe:2.3:a:ibm:http_server:*:*:*:*:*:*:*:*

Версия от 9.0.0.0 (включая) до 9.0.5.16 (исключая)

EPSS

Процентиль: 18%

0.00057

Низкий

7.5 High

CVSS3

Дефекты

CWE-203

Связанные уязвимости

GHSA-5wv7-mwwf-5g8c

CVSS3: 7.5

github

больше 2 лет назад

IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 255828.

EPSS

Процентиль: 18%

0.00057

Низкий

7.5 High

CVSS3

Дефекты

CWE-203