Potential Side Channel Information Exposure in GSKit V7 by IBM
CVE-2018-1388

7.5HIGH

Key Information:

Vendor
IBM
Status
Websphere MQ
Vendor
CVE Published:
7 February 2018

Summary

The vulnerability in GSKit V7 may lead to the unintentional disclosure of sensitive side channel information due to inconsistencies in valid and invalid PKCS#1 padding. This can potentially allow attackers to exploit the discrepancies, thereby executing unauthorized actions or gaining access to sensitive data. Users of GSKit V7 are advised to review their implementation to mitigate potential risks associated with this vulnerability.

Affected Version(s)

WebSphere MQ 7.0.1.1

WebSphere MQ 7.0.1.2

WebSphere MQ 7.0.1.3

References

http://www.securityfocus.com/bid/103698
vdb-entryx_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22013022
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/138212
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.