IBM CCA Vulnerability Could Lead to Denial of Service
CVE-2023-47150

7.5HIGH

Key Information:

Vendor: IBM
Status: Common Cryptographic Architecture
Vendor: CVE Published:; 26 March 2024

Summary

IBM Common Cryptographic Architecture (CCA) versions 7.0.0 through 7.5.36 are susceptible to a denial of service vulnerability due to improper handling of data during specific AES operations. This flaw enables a remote user to exploit the system, potentially causing significant disruptions. Operators of affected versions should assess their systems and update to newer versions or implement recommended mitigations to ensure continued security and stability.

Affected Version(s)

Common Cryptographic Architecture 7.0.0 <= 7.5.36

References

https://www.ibm.com/support/pages/node/7145168

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/270602

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 26, 2024
Vulnerability Reserved
Oct 31, 2023