CVE-2023-33850

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-33850
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.ibm.com/support/pages/node/7010369 Vendor Advisory
https://www.ibm.com/support/pages/node/7022413 Vendor Advisory
https://www.ibm.com/support/pages/node/7022414 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/257132
https://security.netapp.com/advisory/ntap-20241108-0002/
https://www.ibm.com/support/pages/node/7010369 Vendor Advisory
https://www.ibm.com/support/pages/node/7022413 Vendor Advisory
https://www.ibm.com/support/pages/node/7022414 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ibm:txseries_for_multiplatform:8.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:txseries_for_multiplatform:9.1:*:*:*:*:*:*:*
OR cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:ibm:txseries_for_multiplatform:8.2:*:*:*:*:*:*:*
OR cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
History

03 Nov 2025, 22:16

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20241108-0002/ -

21 Nov 2024, 08:06

Type Values Removed Values Added
References
  • () https://exchange.xforce.ibmcloud.com/vulnerabilities/257132 -
References () https://www.ibm.com/support/pages/node/7010369 - Vendor Advisory () https://www.ibm.com/support/pages/node/7010369 - Vendor Advisory
References () https://www.ibm.com/support/pages/node/7022413 - Vendor Advisory () https://www.ibm.com/support/pages/node/7022413 - Vendor Advisory
References () https://www.ibm.com/support/pages/node/7022414 - Vendor Advisory () https://www.ibm.com/support/pages/node/7022414 - Vendor Advisory

27 Sep 2024, 14:15

Type Values Removed Values Added
References
  • {'url': 'https://exchange.xforce.ibmcloud.com/vulnerabilities/257132', 'tags': ['VDB Entry', 'Vendor Advisory'], 'source': 'psirt@us.ibm.com'}
Summary (en) IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132. (en) IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information.

19 Sep 2024, 16:15

Type Values Removed Values Added
Summary (en) IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132. (en) IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132.

28 Aug 2023, 19:51

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CWE CWE-203
First Time Linux linux Kernel
Microsoft windows
Ibm
Microsoft
Ibm txseries For Multiplatform
Hp hp-ux
Linux
Ibm aix
Hp
Ibm cics Tx
CPE cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:standard:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:txseries_for_multiplatform:9.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cics_tx:10.1:*:*:*:advanced:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:*
cpe:2.3:a:ibm:txseries_for_multiplatform:8.2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:ibm:txseries_for_multiplatform:8.1:*:*:*:*:*:*:*
References (MISC) https://www.ibm.com/support/pages/node/7022414 - (MISC) https://www.ibm.com/support/pages/node/7022414 - Vendor Advisory
References (MISC) https://www.ibm.com/support/pages/node/7022413 - (MISC) https://www.ibm.com/support/pages/node/7022413 - Vendor Advisory
References (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/257132 - (MISC) https://exchange.xforce.ibmcloud.com/vulnerabilities/257132 - VDB Entry, Vendor Advisory
References (MISC) https://www.ibm.com/support/pages/node/7010369 - (MISC) https://www.ibm.com/support/pages/node/7010369 - Vendor Advisory

22 Aug 2023, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-08-22 21:15

Updated : 2025-11-03 22:16

NVD link : CVE-2023-33850

Mitre link : CVE-2023-33850

CVE.ORG link : CVE-2023-33850

JSON object : View

Products Affected

hp

  • hp-ux

linux

  • linux_kernel

microsoft

  • windows

ibm

  • cics_tx
  • aix
  • txseries_for_multiplatform
CWE
CWE-203

Observable Discrepancy