CVE-2023-47150 - Vulnerability Details - OpenCVE

IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Aix Common Cryptographic Architecture I
Linux	Linux Kernel

Configuration 1 [-]

AND

cpe:2.3:a:ibm:common_cryptographic_architecture:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:ibm:i:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/270602
https://www.ibm.com/support/pages/node/7145168

History

Fri, 25 Jul 2025 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ibm aix Ibm i Linux Linux linux Kernel
CPEs		cpe:2.3:a:ibm:common_cryptographic_architecture:::::::: cpe:2.3:o:ibm:aix:-:::::::* cpe:2.3:o:ibm:i:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::*
Vendors & Products		Ibm aix Ibm i Linux Linux linux Kernel

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2024-03-26T14:01:26.765Z

Updated: 2024-08-05T16:16:46.601Z

Reserved: 2023-10-31T00:13:36.930Z

Link: CVE-2023-47150

Vulnrichment

Updated: 2024-08-02T21:01:22.816Z

NVD

Status : Analyzed

Published: 2024-03-26T14:15:08.173

Modified: 2025-07-25T21:09:09.293

Link: CVE-2023-47150

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-47150", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2023-10-31T00:13:36.930Z", "datePublished": "2024-03-26T14:01:26.765Z", "dateUpdated": "2024-08-05T16:16:46.601Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Common Cryptographic Architecture", "vendor": "IBM", "versions": [{"lessThanOrEqual": "7.5.36", "status": "affected", "version": "7.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602."}], "value": "IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-03-26T14:01:26.765Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.ibm.com/support/pages/node/7145168"}, {"tags": ["vdb-entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270602"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Common Cryptographic Architecture denial of service", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:01:22.816Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/7145168"}, {"tags": ["vdb-entry", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270602"}]}, {"affected": [{"vendor": "ibm", "product": "common_cryptographic_architecture", "cpes": ["cpe:2.3:a:ibm:common_cryptographic_architecture:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.0.0", "status": "affected", "lessThanOrEqual": "7.5.36", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-05T16:14:23.195009Z", "id": "CVE-2023-47150", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T16:16:46.601Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ibm.com/support/pages/node/7145168", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270602", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:01:22.816Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47150", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-05T16:14:23.195009Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ibm:common_cryptographic_architecture:*:*:*:*:*:*:*:*"], "vendor": "ibm", "product": "common_cryptographic_architecture", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.5.36"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T16:16:36.368Z"}}], "cna": {"title": "IBM Common Cryptographic Architecture denial of service", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "IBM", "product": "Common Cryptographic Architecture", "versions": [{"status": "affected", "version": "7.0.0", "versionType": "semver", "lessThanOrEqual": "7.5.36"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.ibm.com/support/pages/node/7145168", "tags": ["vendor-advisory"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270602", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.", "supportingMedia": [{"type": "text/html", "value": "IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-03-26T14:01:26.765Z"}}}, "cveMetadata": {"cveId": "CVE-2023-47150", "state": "PUBLISHED", "dateUpdated": "2024-08-05T16:16:46.601Z", "dateReserved": "2023-10-31T00:13:36.930Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2024-03-26T14:01:26.765Z", "assignerShortName": "ibm"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:common_cryptographic_architecture:*:*:*:*:*:*:*:*", "matchCriteriaId": "196F7E30-D166-4F31-B009-56C6A6EA7300", "versionEndExcluding": "7.5.37", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false}, {"criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602."}, {"lang": "es", "value": "IBM Common Cryptographic Architecture (CCA) 7.0.0 a 7.5.36 podr\u00eda permitir que un usuario remoto provoque una denegaci\u00f3n de servicio debido al manejo incorrecto de datos para ciertos tipos de operaciones AES. ID de IBM X-Force: 270602."}], "id": "CVE-2023-47150", "lastModified": "2025-07-25T21:09:09.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}]}, "published": "2024-03-26T14:15:08.173", "references": [{"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270602"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7145168"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270602"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/7145168"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "psirt@us.ibm.com", "type": "Secondary"}]}