CVSS3 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
AI Score Confidence | Low |
EPSS Percentile | 9.0% |

IBM Common Cryptographic Architecture (CCA) could allow a remote user to cause a denial of service (CVE-2023-47150) or to obtain sensitive information (CVE-2023-33855) as described in the vulnerability details section. IBM customers who use the IBM 4769 Developer’s Toolkit to create CCA User-Defined Extensions (UDXes) may be affected by these vulnerabilities.
CVEID: CVE-2023-47150
**DESCRIPTION:** IBM Common Cryptographic Architecture (CCA) could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270602 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2023-33855
**DESCRIPTION:** Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/257676 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM 4769 Developers Toolkit | 7.0.0 - 7.5.36 |
IBM strongly recommends addressing the vulnerability by upgrading to the latest toolkit.
Product | Fixed Version |
---|---|
IBM 4769 Developers Toolkit | 7.5.37 or later |
Customers should contact their toolkit provider to obtain the latest toolkit.
IBM recommends that all toolkit customers upgrade to the latest version of the IBM 4769 Developer’s Toolkit.
The listed vulnerabilities affect certain types of RSA (CVE-2023-33855) and AES (CVE-2023-47150) operations performed by the IBM Common Cryptographic Architecture (CCA). An IBM 4769 Developer’s Toolkit customer who creates custom firmware images that are CCA User-Defined Extensions (UDXes) might be affected. However, an IBM 4769 Developer’s Toolkit customer who does not create UDXes would not be affected.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | common_cryptographic_architecture | 7. | cpe:2.3:a:ibm:common_cryptographic_architecture:7.:*:*:*:mtm_for_4769:*:*:* |
ibm | common_cryptographic_architecture | 4769 | cpe:2.3:a:ibm:common_cryptographic_architecture:4769:*:*:*:mtm_for_4769:*:*:* |