Vulnerability Name: | CVE-2023-32342 (CCN-255828)
Assigned: | 2023-05-24
Published: | 2023-05-24
Updated: | 2023-06-06
Summary: | IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 255828.
CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity: | 5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N)
Vulnerability Consequences: | Obtain Information
References: |
Source: MITRE Type: CNA CVE-2023-32342
Source: psirt@us.ibm.com Type: VDB Entry, Vendor Advisory psirt@us.ibm.com
Source: XF Type: UNKNOWN ibm-gskit-cve202332342-info-disc(255828)
Source: CCN Type: IBM Security Bulletin 6998037 (HTTP Server) IBM HTTP Server is vulnerable to information disclosure due to IBM GSKit (CVE-2023-32342)
Source: CCN Type: IBM Security Bulletin 7001811 (Content Collector for SAP Applications) Vulnerabilities found in GSKit may affect IBM Content Collector for SAP Applications
Source: CCN Type: IBM Security Bulletin 7004175 (Sterling Connect:Direct for Microsoft Windows) IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to remote sensitive information exposure due to IBM GSKit (CVE-2023-32342)
Source: CCN Type: IBM Security Bulletin 7005017 (Communications Server for Data Center Deployment) IBM Communications Server for Linux & CS for Linux on System z is vulnerable to Timing Oracle in RSA Decryption in GSKit builds prior to 8.0.55.31 (CVE-2023-32342)
Source: CCN Type: IBM Security Bulletin 7005019 (Communications Server for Data Center Deployment) IBM Communications Server for AIX is vulnerable to Timing Oracle in RSA Decryption in GSKit builds prior to 8.0.55.31 (CVE-2023-32342)
Source: CCN Type: IBM Security Bulletin 7007429 (MQ) IBM MQ is vulnerable to an issue in IBM GSKit (CVE-2023-32342)
Source: CCN Type: IBM Security Bulletin 7007553 (i Access Client Solutions) IBM i Access Client Solutions - Windows Application Package is vulnerable to a timing issue with RSA Decryption in GSKit builds prior to 8.0.55.31 (CVE-2023-32342)
Source: CCN Type: IBM Security Bulletin 7007741 (MQ Appliance) IBM MQ Appliance is vulnerable to an issue in IBM GSKit (CVE-2023-32342)
Source: CCN Type: IBM Security Bulletin 7010335 (DataPower Gateway) Timing side-channel in IBM DataPower Gateway (CVE-2023-32342)
Source: CCN Type: IBM Security Bulletin 7011759 (Storage Protect) A vulnerability in IBM GSKit affects IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2023-32342)
Source: CCN Type: IBM Security Bulletin 7013135 (CICS TX Standard) CVE-2023-32342 may affect GSKit shipped with IBM CICS TX Standard
Source: CCN Type: IBM Security Bulletin 7013139 (CICS TX Advanced) CVE-2023-32342 may affect GSKit shipped with IBM CICS TX Advanced
Source: CCN Type: IBM Security Bulletin 7014225 (Storage Protect Server) IBM Storage Protect Server is vulnerable to sensitive information disclosure due to IBM GSKit (CVE-2023-32342)
Source: CCN Type: IBM Security Bulletin 7014259 (Security Verify Access) IBM GSKit as shipped with IBM Security Verify Access has fixed a reported vulnerability (CVE-2023-32342)
Source: CCN Type: IBM Security Bulletin 7014693 (Sterling Connect:Direct for UNIX) IBM Sterling Connect:Direct for UNIX is vulnerable to remote sensitive information exposure due to IBM GSKit (CVE-2023-32342)
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable