First published: Tue Aug 22 2023(Updated: )
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132.
Credit: psirt@us.ibm.com psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM TXSeries for Multiplatform | =8.1 | |
IBM TXSeries for Multiplatform | =9.1 | |
IBM AIX | ||
Linux Linux kernel | ||
IBM TXSeries for Multiplatform | =8.2 | |
HP HP-UX | ||
Microsoft Windows | ||
IBM CICS TX | =11.1 | |
IBM CICS TX | =10.1 | |
IBM CICS TX | =11.1 | |
All of | ||
Any of | ||
IBM TXSeries for Multiplatform | =8.1 | |
IBM TXSeries for Multiplatform | =9.1 | |
Any of | ||
IBM AIX | ||
Linux Linux kernel | ||
All of | ||
IBM TXSeries for Multiplatform | =8.2 | |
Any of | ||
HP HP-UX | ||
IBM AIX | ||
Linux Linux kernel | ||
Microsoft Windows | ||
All of | ||
IBM CICS TX | =11.1 | |
Linux Linux kernel | ||
All of | ||
Any of | ||
IBM CICS TX | =10.1 | |
IBM CICS TX | =11.1 | |
Linux Linux kernel | ||
IBM Cognos Controller | <=11.0.0 - 11.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-33850 is a vulnerability in IBM GSKit-Crypto that allows a remote attacker to obtain sensitive information through a timing-based side channel in the RSA Decryption implementation.
CVE-2023-33850 works by sending an overly large number of trial messages for decryption, which can be exploited by an attacker to obtain sensitive information.
CVE-2023-33850 has a severity rating of 7.5 (high).
IBM TXSeries for Multiplatforms versions 8.1, 8.2, and 9.1 are affected by CVE-2023-33850.
To fix CVE-2023-33850, apply the appropriate patch provided by IBM for your version of IBM TXSeries for Multiplatforms.