Unrated severityNVD Advisory· Published Mar 11, 2025· Updated Sep 1, 2025

IBM Common Cryptographic Architecture information disclosure

CVE-2024-41760

Description

IBM CCA 7.0.0-7.5.51 is vulnerable to a timing attack during RSA operations, allowing an attacker to obtain sensitive information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

IBM CCA 7.0.0-7.5.51 is vulnerable to a timing attack during RSA operations, allowing an attacker to obtain sensitive information.

Vulnerability

IBM Common Cryptographic Architecture (CCA) versions 7.0.0 through 7.5.51 (including the IBM 4769 Developers Toolkit) contain a timing side-channel vulnerability in certain RSA operations. The vulnerability arises from an observable discrepancy (CWE-203) in the cryptographic implementation, which can be exploited to leak sensitive information [1].

Exploitation

An attacker with network access to the system can perform a timing attack by measuring the execution time of RSA operations. No authentication is required (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). The attacker must be able to send requests and observe response times with sufficient precision to extract information.

Impact

Successful exploitation allows the attacker to obtain sensitive information, such as cryptographic key material or plaintext, due to the timing leakage. The confidentiality impact is low (CVSS 3.7), meaning only limited information is disclosed.

Mitigation

IBM has provided a fix for this vulnerability. Affected users should apply the latest update from IBM as referenced in the security bulletin [1]. No workarounds are mentioned in the available references.

References

Security Bulletin: Multiple vulnerabilities in IBM's Common Cryptographic Architecture (CCA) (CVE-2024-22340, CVE-2024-41760, CVE-2024-49823)

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

IBM/Common Cryptographic Architecture (CCA)cpe-rescue2 versions
cpe:2.3:h:ibm:4769:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:h:ibm:4769:-:*:*:*:*:*:*:*range: 7.0.0
- (no CPE)range: 7.0.0 - 7.5.51
IBM/4769 Developers Toolkitcpe-rescue
Range: 7.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

www.ibm.com/support/pages/node/7185282mitrevendor-advisorypatch

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000