Search criteria
12 vulnerabilities found for Common Cryptographic Architecture by IBM
CVE-2025-13375 (GCVE-0-2025-13375)
Vulnerability from nvd – Published: 2026-02-04 20:31 – Updated: 2026-02-06 19:24
VLAI?
Title
IBM Common Cryptographic Architecture Arbitrary Command Execution
Summary
IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.
Severity ?
9.8 (Critical)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Common Cryptographic Architecture |
Affected:
7.5.52
(semver)
Affected: 8.4.82 (semver) cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:linux:x86:* cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:aix:*:* cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:ibm_i:*:* cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:powerlinux:*:* cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:linux:x86:* cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:aix:*:* cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:ibm_i:*:* cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:powerlinux:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:23:54.508016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:24:03.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:linux:x86:*",
"cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:ibm_i:*:*",
"cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:powerlinux:*:*",
"cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:linux:x86:*",
"cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:ibm_i:*:*",
"cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:powerlinux:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux x86",
"IBM AIX",
"IBM i",
"IBM PowerLinux"
],
"product": "Common Cryptographic Architecture",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5.52",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.4.82",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IBM 4769 Developers Toolkit",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5.52"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Common Cryptographic Architecture (CCA)\u0026nbsp;7.5.52 and\u0026nbsp;8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system."
}
],
"value": "IBM Common Cryptographic Architecture (CCA)\u00a07.5.52 and\u00a08.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T20:46:57.901Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7259625"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cstrong\u003eIBM strongly recommends addressing the vulnerability now by upgrading:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed Version(s)\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eCCA 7 MTM for 4769\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e7.5.53\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eCCA 8 MTM for 4770\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e8.4.84\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM 4769 Developers Toolkit\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e7.5.53\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading:\u00a0\n\nProduct(s)Fixed Version(s)CCA 7 MTM for 4769\n\n7.5.53\n\nCCA 8 MTM for 4770\n\n8.4.84\n\nIBM 4769 Developers Toolkit\n\n7.5.53"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Common Cryptographic Architecture Arbitrary Command Execution",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13375",
"datePublished": "2026-02-04T20:31:13.398Z",
"dateReserved": "2025-11-18T19:19:10.873Z",
"dateUpdated": "2026-02-06T19:24:03.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49823 (GCVE-0-2024-49823)
Vulnerability from nvd – Published: 2025-03-11 00:48 – Updated: 2025-09-01 01:07
VLAI?
Title
IBM Common Cryptographic Architecture denial of service
Summary
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests.
Severity ?
6.5 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Common Cryptographic Architecture |
Affected:
7.0.0 , ≤ 7.5.51
(semver)
cpe:2.3:h:ibm:4769:-:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T02:02:05.996183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T02:02:26.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:ibm:4769:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux x86",
"IBM AIX",
"IBM i",
"IBM PowerLinux"
],
"product": "Common Cryptographic Architecture",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.51",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "4769 Developers Toolkit",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.51",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests."
}
],
"value": "IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T01:07:08.097Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7185282"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Common Cryptographic Architecture denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-49823",
"datePublished": "2025-03-11T00:48:05.380Z",
"dateReserved": "2024-10-20T13:40:37.122Z",
"dateUpdated": "2025-09-01T01:07:08.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41760 (GCVE-0-2024-41760)
Vulnerability from nvd – Published: 2025-03-11 00:49 – Updated: 2025-09-01 01:06
VLAI?
Title
IBM Common Cryptographic Architecture information disclosure
Summary
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51
could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.
Severity ?
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Common Cryptographic Architecture |
Affected:
7.0.0 , ≤ 7.5.51
(semver)
cpe:2.3:h:ibm:4769:-:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T02:01:29.825716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T02:01:46.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:ibm:4769:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux x86",
"IBM AIX",
"IBM i",
"IBM PowerLinux"
],
"product": "Common Cryptographic Architecture",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.51",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "4769 Developers Toolkit",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.51",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.\u003c/span\u003e"
}
],
"value": "IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 \n\ncould allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T01:06:28.288Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7185282"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Common Cryptographic Architecture information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41760",
"datePublished": "2025-03-11T00:49:35.514Z",
"dateReserved": "2024-07-22T12:02:49.315Z",
"dateUpdated": "2025-09-01T01:06:28.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22340 (GCVE-0-2024-22340)
Vulnerability from nvd – Published: 2025-03-11 00:50 – Updated: 2025-09-01 01:07
VLAI?
Title
IBM Common Cryptographic Architecture information disclosure
Summary
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51
could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack.
Severity ?
6.5 (Medium)
CWE
- CWE-208 - Observable Timing Discrepancy
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Common Cryptographic Architecture |
Affected:
7.0.0 , ≤ 7.5.51
(semver)
cpe:2.3:h:ibm:4769:-:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T02:00:44.991344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T02:01:05.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:ibm:4769:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux x86",
"IBM AIX",
"IBM i",
"IBM PowerLinux"
],
"product": "Common Cryptographic Architecture",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.51",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "4769 Developers Toolkit",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.51",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 \n\n\n\ncould allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T01:07:29.781Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7185282"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Common Cryptographic Architecture information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22340",
"datePublished": "2025-03-11T00:50:55.148Z",
"dateReserved": "2024-01-08T23:42:17.267Z",
"dateUpdated": "2025-09-01T01:07:29.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47150 (GCVE-0-2023-47150)
Vulnerability from nvd – Published: 2024-03-26 14:01 – Updated: 2026-02-04 21:16
VLAI?
Title
IBM Common Cryptographic Architecture denial of service
Summary
IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Common Cryptographic Architecture |
Affected:
7.0.0 , ≤ 7.5.36
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7145168"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270602"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47150",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T16:14:23.195009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T21:16:08.863Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Common Cryptographic Architecture",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.36",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602."
}
],
"value": "IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T14:01:26.765Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7145168"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270602"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Common Cryptographic Architecture denial of service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-47150",
"datePublished": "2024-03-26T14:01:26.765Z",
"dateReserved": "2023-10-31T00:13:36.930Z",
"dateUpdated": "2026-02-04T21:16:08.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-33855 (GCVE-0-2023-33855)
Vulnerability from nvd – Published: 2024-03-26 14:04 – Updated: 2024-08-05 16:12
VLAI?
Title
IBM Common Cryptographic Architecture information disclosure
Summary
Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676.
Severity ?
CWE
- CWE-385 - Covert Timing Channel
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Common Cryptographic Architecture |
Affected:
7.0.0 , ≤ 7.5.36
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:12.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7145168"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257676"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T16:12:32.727707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:49.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Common Cryptographic Architecture",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.36",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676."
}
],
"value": "Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-385",
"description": "CWE-385 Covert Timing Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T14:04:37.274Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7145168"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257676"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Common Cryptographic Architecture information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-33855",
"datePublished": "2024-03-26T14:04:37.274Z",
"dateReserved": "2023-05-23T00:32:05.085Z",
"dateUpdated": "2024-08-05T16:12:49.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-13375 (GCVE-0-2025-13375)
Vulnerability from cvelistv5 – Published: 2026-02-04 20:31 – Updated: 2026-02-06 19:24
VLAI?
Title
IBM Common Cryptographic Architecture Arbitrary Command Execution
Summary
IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.
Severity ?
9.8 (Critical)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Common Cryptographic Architecture |
Affected:
7.5.52
(semver)
Affected: 8.4.82 (semver) cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:linux:x86:* cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:aix:*:* cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:ibm_i:*:* cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:powerlinux:*:* cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:linux:x86:* cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:aix:*:* cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:ibm_i:*:* cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:powerlinux:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T19:23:54.508016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:24:03.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:linux:x86:*",
"cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:ibm_i:*:*",
"cpe:2.3:a:ibm:common_cryptographic_architecture:7.5.52:*:*:*:*:powerlinux:*:*",
"cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:linux:x86:*",
"cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:ibm_i:*:*",
"cpe:2.3:a:ibm:common_cryptographic_architecture:8.4.82:*:*:*:*:powerlinux:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux x86",
"IBM AIX",
"IBM i",
"IBM PowerLinux"
],
"product": "Common Cryptographic Architecture",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5.52",
"versionType": "semver"
},
{
"status": "affected",
"version": "8.4.82",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IBM 4769 Developers Toolkit",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5.52"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Common Cryptographic Architecture (CCA)\u0026nbsp;7.5.52 and\u0026nbsp;8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system."
}
],
"value": "IBM Common Cryptographic Architecture (CCA)\u00a07.5.52 and\u00a08.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T20:46:57.901Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7259625"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cstrong\u003eIBM strongly recommends addressing the vulnerability now by upgrading:\u003c/strong\u003e\u0026nbsp;\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct(s)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed Version(s)\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eCCA 7 MTM for 4769\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e7.5.53\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eCCA 8 MTM for 4770\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e8.4.84\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM 4769 Developers Toolkit\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e7.5.53\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by upgrading:\u00a0\n\nProduct(s)Fixed Version(s)CCA 7 MTM for 4769\n\n7.5.53\n\nCCA 8 MTM for 4770\n\n8.4.84\n\nIBM 4769 Developers Toolkit\n\n7.5.53"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Common Cryptographic Architecture Arbitrary Command Execution",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-13375",
"datePublished": "2026-02-04T20:31:13.398Z",
"dateReserved": "2025-11-18T19:19:10.873Z",
"dateUpdated": "2026-02-06T19:24:03.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-22340 (GCVE-0-2024-22340)
Vulnerability from cvelistv5 – Published: 2025-03-11 00:50 – Updated: 2025-09-01 01:07
VLAI?
Title
IBM Common Cryptographic Architecture information disclosure
Summary
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51
could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack.
Severity ?
6.5 (Medium)
CWE
- CWE-208 - Observable Timing Discrepancy
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Common Cryptographic Architecture |
Affected:
7.0.0 , ≤ 7.5.51
(semver)
cpe:2.3:h:ibm:4769:-:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T02:00:44.991344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T02:01:05.199Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:ibm:4769:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux x86",
"IBM AIX",
"IBM i",
"IBM PowerLinux"
],
"product": "Common Cryptographic Architecture",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.51",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "4769 Developers Toolkit",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.51",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 \n\n\n\ncould allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T01:07:29.781Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7185282"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Common Cryptographic Architecture information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-22340",
"datePublished": "2025-03-11T00:50:55.148Z",
"dateReserved": "2024-01-08T23:42:17.267Z",
"dateUpdated": "2025-09-01T01:07:29.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41760 (GCVE-0-2024-41760)
Vulnerability from cvelistv5 – Published: 2025-03-11 00:49 – Updated: 2025-09-01 01:06
VLAI?
Title
IBM Common Cryptographic Architecture information disclosure
Summary
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51
could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.
Severity ?
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Common Cryptographic Architecture |
Affected:
7.0.0 , ≤ 7.5.51
(semver)
cpe:2.3:h:ibm:4769:-:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T02:01:29.825716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T02:01:46.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:ibm:4769:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux x86",
"IBM AIX",
"IBM i",
"IBM PowerLinux"
],
"product": "Common Cryptographic Architecture",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.51",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "4769 Developers Toolkit",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.51",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.\u003c/span\u003e"
}
],
"value": "IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 \n\ncould allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T01:06:28.288Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7185282"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Common Cryptographic Architecture information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41760",
"datePublished": "2025-03-11T00:49:35.514Z",
"dateReserved": "2024-07-22T12:02:49.315Z",
"dateUpdated": "2025-09-01T01:06:28.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49823 (GCVE-0-2024-49823)
Vulnerability from cvelistv5 – Published: 2025-03-11 00:48 – Updated: 2025-09-01 01:07
VLAI?
Title
IBM Common Cryptographic Architecture denial of service
Summary
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests.
Severity ?
6.5 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Common Cryptographic Architecture |
Affected:
7.0.0 , ≤ 7.5.51
(semver)
cpe:2.3:h:ibm:4769:-:*:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T02:02:05.996183Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T02:02:26.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:ibm:4769:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"platforms": [
"Linux x86",
"IBM AIX",
"IBM i",
"IBM PowerLinux"
],
"product": "Common Cryptographic Architecture",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.51",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "4769 Developers Toolkit",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.51",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests."
}
],
"value": "IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T01:07:08.097Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7185282"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Common Cryptographic Architecture denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-49823",
"datePublished": "2025-03-11T00:48:05.380Z",
"dateReserved": "2024-10-20T13:40:37.122Z",
"dateUpdated": "2025-09-01T01:07:08.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33855 (GCVE-0-2023-33855)
Vulnerability from cvelistv5 – Published: 2024-03-26 14:04 – Updated: 2024-08-05 16:12
VLAI?
Title
IBM Common Cryptographic Architecture information disclosure
Summary
Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676.
Severity ?
CWE
- CWE-385 - Covert Timing Channel
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Common Cryptographic Architecture |
Affected:
7.0.0 , ≤ 7.5.36
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:12.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7145168"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257676"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T16:12:32.727707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T16:12:49.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Common Cryptographic Architecture",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.36",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676."
}
],
"value": "Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-385",
"description": "CWE-385 Covert Timing Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T14:04:37.274Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7145168"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257676"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Common Cryptographic Architecture information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-33855",
"datePublished": "2024-03-26T14:04:37.274Z",
"dateReserved": "2023-05-23T00:32:05.085Z",
"dateUpdated": "2024-08-05T16:12:49.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-47150 (GCVE-0-2023-47150)
Vulnerability from cvelistv5 – Published: 2024-03-26 14:01 – Updated: 2026-02-04 21:16
VLAI?
Title
IBM Common Cryptographic Architecture denial of service
Summary
IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Common Cryptographic Architecture |
Affected:
7.0.0 , ≤ 7.5.36
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:01:22.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7145168"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270602"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-47150",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T16:14:23.195009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T21:16:08.863Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Common Cryptographic Architecture",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.36",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602."
}
],
"value": "IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-26T14:01:26.765Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7145168"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270602"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Common Cryptographic Architecture denial of service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-47150",
"datePublished": "2024-03-26T14:01:26.765Z",
"dateReserved": "2023-10-31T00:13:36.930Z",
"dateUpdated": "2026-02-04T21:16:08.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}