Skip to main content

IBM CVE-2024-41760

LOW
Observable Discrepancy (CWE-203)
2025-03-11 psirt@us.ibm.com
3.7
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.7 LOW
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 19:52 vuln.today
CVE Published
Mar 11, 2025 - 01:15 nvd
LOW 3.7

DescriptionCVE.org

IBM Common Cryptographic Architecture 7.0.0 through 7.5.51

could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.

AnalysisAI

IBM's cryptographic software (versions 7.0.0-7.5.51) has a timing-based weakness that leaks information during RSA encryption operations, allowing attackers to potentially recover sensitive cryptographic keys or data by measuring how long operations take to complete. This affects organizations using IBM Common Cryptographic Architecture for security operations. An attacker with the ability to measure response times could exploit this flaw to gradually deduce private key information used in RSA encryption.

Technical ContextAI

affects IBM Common Cryptographic Architecture 7.0.0. IBM Common Cryptographic Architecture 7.0.0 through 7.5.51

could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.

Affected ProductsAI

Product: IBM Common Cryptographic Architecture 7.0.0. Versions: up to 7.5.51.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2024-41760 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy