IBM
CVE-2024-41760
LOW
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51
could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.
AnalysisAI
IBM's cryptographic software (versions 7.0.0-7.5.51) has a timing-based weakness that leaks information during RSA encryption operations, allowing attackers to potentially recover sensitive cryptographic keys or data by measuring how long operations take to complete. This affects organizations using IBM Common Cryptographic Architecture for security operations. An attacker with the ability to measure response times could exploit this flaw to gradually deduce private key information used in RSA encryption.
Technical ContextAI
affects IBM Common Cryptographic Architecture 7.0.0. IBM Common Cryptographic Architecture 7.0.0 through 7.5.51
could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.
Affected ProductsAI
Product: IBM Common Cryptographic Architecture 7.0.0. Versions: up to 7.5.51.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-203 – Observable Discrepancy
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today