Lucene search

IbmVULNRICHMENT:CVE-2023-47150

HistoryMar 26, 2024 - 2:01 p.m.

CVE-2023-47150 IBM Common Cryptographic Architecture denial of service

2024-03-2614:01:26

CWE-400

ibm

github.com

ibm common cryptographic architecture

denial of service

aes operations

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:ibm:common_cryptographic_architecture:*:*:*:*:*:*:*:*"
    ],
    "vendor": "ibm",
    "product": "common_cryptographic_architecture",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.0",
        "versionType": "semver",
        "lessThanOrEqual": "7.5.36"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/270602

www.ibm.com/support/pages/node/7145168

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-47150