Primary

Context

IBM Common Cryptographic Architecture Timing Attack Vulnerability in RSA Operations

Vulnerability

A timing attack vulnerability has been identified in IBM Common Cryptographic Architecture (CCA) versions 7.0.0 through 7.5.51. This vulnerability could allow an attacker to obtain sensitive information by exploiting timing discrepancies during certain RSA operations.

Impact

Exploitation of this vulnerability could lead to the unauthorized disclosure of sensitive information.

Remediation

Users are advised to upgrade to version 7.5.52 or later. For IBM CCA 7.x MTM for 4769 and the IBM 4769 Developers Toolkit, version 7.5.52 is available. Instructions for downloading the updated version are provided on the IBM CCA Software Download Page. For IBM i users, the CY3 PTF update will also bring the firmware level to 7.5.52 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM Common Cryptographic Architecture Timing Attack Vulnerability in RSA Operations

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating