CVE-2024-22340

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-208
View all →

Vulnerability Description

IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack.

Related Vulnerabilities

CVE-2024-23953

MEDIUM
CVSS:6.5(Medium)

Use of Arrays.equals() in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an author...

CWE-2082024

CVE-2024-41828

MEDIUM
CVSS:6.5(Medium)

In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time

CWE-2082024

CVE-2024-42368

MEDIUM
CVSS:6.5(Medium)

OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. Th...

CWE-2082024

CVE-2021-34337

MEDIUM
CVSS:6.3(Medium)

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrar...

CWE-2082021

CVE-2016-10535

MEDIUM
CVSS:5.9(Medium)

csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enab...

CWE-2082016

CVE-2019-13420

MEDIUM
CVSS:5.9(Medium)

Search Guard versions before 21.0 had an timing side channel issue when using the internal user database.

CWE-2082019