CVE-2023-33855 – IBM Common Cryptographic Architecture information disclosure
https://notcve.org/view.php?id=CVE-2023-33855
Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676. Bajo ciertas condiciones, las operaciones RSA realizadas por IBM Common Cryptographic Architecture (CCA) 7.0.0 a 7.5.36 pueden exhibir un comportamiento de tiempo no constante. Esto podría permitir que un atacante remoto obtenga información confidencial mediante un ataque basado en tiempo. • https://exchange.xforce.ibmcloud.com/vulnerabilities/257676 https://www.ibm.com/support/pages/node/7145168 • CWE-385: Covert Timing Channel •
CVE-2023-47150 – IBM Common Cryptographic Architecture denial of service
https://notcve.org/view.php?id=CVE-2023-47150
IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602. IBM Common Cryptographic Architecture (CCA) 7.0.0 a 7.5.36 podría permitir que un usuario remoto provoque una denegación de servicio debido al manejo incorrecto de datos para ciertos tipos de operaciones AES. ID de IBM X-Force: 270602. • https://exchange.xforce.ibmcloud.com/vulnerabilities/270602 https://www.ibm.com/support/pages/node/7145168 • CWE-400: Uncontrolled Resource Consumption •
CVE-2022-22423
https://notcve.org/view.php?id=CVE-2022-22423
IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. IBM X-Force ID: 223596. IBM Common Cryptographic Architecture (versiones CCA 5.x MTM para 4767 y CCA 7.x MTM para 4769) podría permitir a un usuario local causar una denegación de servicio debido a una comprobación de entrada inapropiada. IBM X-Force ID: 223596. • https://exchange.xforce.ibmcloud.com/vulnerabilities/223596 https://www.ibm.com/support/pages/node/6695893 • CWE-20: Improper Input Validation •