IBM Common Cryptographic Architecture denial of service
Description
IBM CCA 7.0.0–7.5.36 mishandles certain AES operations, allowing a remote, unauthenticated attacker to cause a denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
IBM Common Cryptographic Architecture (CCA) versions 7.0.0 through 7.5.36 contain a denial-of-service vulnerability in the handling of specific types of AES operations. The issue stems from incorrect data processing, which can be triggered without authentication over the network [1].
Exploitation
An attacker can exploit this vulnerability remotely without needing any prior authentication or user interaction. By sending a crafted AES operation request to the CCA interface, the attacker triggers the incorrect data handling, causing the service to fail [1].
Impact
Successful exploitation results in a denial of service, making the cryptographic services unavailable. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) indicates high availability impact with no confidentiality or integrity loss [1].
Mitigation
IBM has released CCA version 7.5.37 as the fix. Users running CCA 7.x on platforms including IBM AIX, IBM i, IBM PowerLinux, and Linux (Intel x86) should upgrade to 7.5.37 or later from the IBM CCA Software Download Page [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: >=7.0.0 <=7.5.36
- (no CPE) range: 7.0.0
Patches
No patches discovered yet.
References
- www.ibm.com/support/pages/node/7145168 (mitre, vendor-advisory)
- exchange.xforce.ibmcloud.com/vulnerabilities/270602 (mitre, vdb-entry)