CVE-2023-47150

7.5 HIGH

📋 TL;DR

IBM Common Cryptographic Architecture (CCA) versions 7.0.0 through 7.5.36 contain a vulnerability in AES operation handling that could allow a remote user to cause a denial of service. The vulnerability stems from incorrect data processing during certain AES cryptographic operations. Systems using affected CCA versions for cryptographic services are at risk.

💻 Affected Systems

Products:
  • IBM Common Cryptographic Architecture (CCA)
Versions: 7.0.0 through 7.5.36
Operating Systems: All platforms running IBM CCA
Default Config Vulnerable: ⚠️ Yes
Notes: Systems using CCA for AES cryptographic operations are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of cryptographic operations, potentially affecting all applications relying on CCA for encryption/decryption services.

🟠 Likely Case

Service degradation or temporary unavailability of cryptographic functions when maliciously triggered AES operations are processed.

🟢 If Mitigated

Minimal impact with proper network segmentation and access controls limiting exposure to trusted sources only.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Remote exploitation requires sending specially crafted data to trigger the vulnerable AES operations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.5.37 and later

Vendor Advisory: https://www.ibm.com/support/pages/node/7145168

Restart Required: Yes

Instructions:

1. Download IBM CCA version 7.5.37 or later from IBM Fix Central.
2. Stop all applications using CCA.
3. Apply the update following IBM installation procedures.
4. Restart CCA services and dependent applications.

🔧 Temporary Workarounds

Network Access Restriction

Limit network access to CCA services to only trusted sources using firewall rules.

Application Layer Filtering

Implement input validation in applications using CCA to filter potentially malicious AES operation requests.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate CCA services from untrusted networks.
  • Monitor CCA service logs for unusual AES operation patterns and implement rate limiting.

🔍 How to Verify

Check if Vulnerable:

Check CCA version using 'pkcsconf -v' or equivalent command. Versions 7.0.0 through 7.5.36 are vulnerable.

Check Version:

pkcsconf -v

Verify Fix Applied:

Verify CCA version is 7.5.37 or later using 'pkcsconf -v' command.

📡 Detection & Monitoring

Log Indicators:

  • Unusual AES operation failures
  • Increased error rates in cryptographic operations
  • Service restart events in CCA logs

Network Indicators:

  • Unusual traffic patterns to CCA service ports
  • Repeated connection attempts with cryptographic payloads

SIEM Query:

source="cca_logs" AND (error OR failure) AND (AES OR cryptographic)
