IBM
CVE-2024-22340
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51
could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack.
AnalysisAI
IBM's Common Cryptographic Architecture (versions 7.0.0-7.5.51) contains a timing vulnerability in ECDSA signature generation that leaks sensitive information through how long the operation takes to complete. Attackers can exploit this timing difference to deduce the private signing key through repeated observations of signature creation times. Any organization using affected IBM CCA versions for cryptographic operations is at risk of having their ECDSA private keys compromised.
Technical ContextAI
affects IBM Common Cryptographic Architecture 7.0.0. IBM Common Cryptographic Architecture 7.0.0 through 7.5.51
could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack.
Affected ProductsAI
Product: IBM Common Cryptographic Architecture 7.0.0. Versions: up to 7.5.51.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-208 – Observable Timing Discrepancy
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today