Common Cryptographic Architecture (CCA)
by IBM
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-13375 | Cri | 0.64 | 9.8 | 0.00 | Feb 4, 2026 | IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system. | ||
| CVE-2024-22340 | 0.00 | — | 0.00 | Mar 11, 2025 | IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack. | |||
| CVE-2024-41760 | 0.00 | — | 0.00 | Mar 11, 2025 | IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations. | |||
| CVE-2024-49823 | 0.00 | — | 0.00 | Mar 11, 2025 | IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests. | |||
| CVE-2023-33855 | 0.00 | — | 0.00 | Mar 26, 2024 | Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: … | |||
| CVE-2023-47150 | 0.00 | — | 0.00 | Mar 26, 2024 | IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602. | |||
| CVE-2022-22423 | 0.00 | — | 0.00 | Sep 23, 2022 | IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. IBM X-Force ID: 223596. |
- risk 0.64cvss 9.8epss 0.00
IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.
- CVE-2024-22340Mar 11, 2025risk 0.00cvss —epss 0.00
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack.
- CVE-2024-41760Mar 11, 2025risk 0.00cvss —epss 0.00
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations.
- CVE-2024-49823Mar 11, 2025risk 0.00cvss —epss 0.00
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an authenticated user to cause a denial of service in the Hardware Security Module (HSM) using a specially crafted sequence of valid requests.
- CVE-2023-33855Mar 26, 2024risk 0.00cvss —epss 0.00
Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: …
- CVE-2023-47150Mar 26, 2024risk 0.00cvss —epss 0.00
IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 could allow a remote user to cause a denial of service due to incorrect data handling for certain types of AES operations. IBM X-Force ID: 270602.
- CVE-2022-22423Sep 23, 2022risk 0.00cvss —epss 0.00
IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. IBM X-Force ID: 223596.