Описание
Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676.
Ссылки
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 7.0.0 (включая) до 7.5.37 (исключая)
Одновременно
cpe:2.3:a:ibm:common_cryptographic_architecture:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00073
Низкий
3.7 Low
CVSS3
Дефекты
CWE-385
Связанные уязвимости
CVSS3: 3.7
github
почти 2 года назад
Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676.
EPSS
Процентиль: 22%
0.00073
Низкий
3.7 Low
CVSS3
Дефекты
CWE-385