CVE-2023-33850: 
IBM Db2 vulnerability analysis and mitigation

CVE-2023-33850 is a security vulnerability discovered in IBM GSKit-Crypto that was published on August 22, 2023. The vulnerability affects multiple IBM products including IBM TXSeries for Multiplatforms, CICS TX Standard, and CICS TX Advanced across various versions. This timing-based side channel vulnerability in the RSA Decryption implementation could potentially expose sensitive information to remote attackers (NVD, IBM Support).

The vulnerability is classified as CWE-203 (Observable Discrepancy) with a CVSS Base Score of 7.5 (HIGH) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The technical nature of the vulnerability involves a timing-based side channel in the RSA Decryption implementation, which could be exploited through the submission of numerous trial messages for decryption (NVD).

If exploited, this vulnerability could allow a remote attacker to obtain sensitive information. The high CVSS score of 7.5 indicates significant potential impact, particularly concerning confidentiality, while integrity and availability remain unaffected (IBM Support).

IBM has released fixes for multiple affected products: TXSeries for Multiplatforms versions 8.2 and 9.1 through Fix Central, CICS TX Standard 11.1 for Linux, and CICS TX Advanced versions 10.1 and 11.1. For TXSeries 8.1, PSIRT fixes are only provided for extended support customers through Salesforce case. No workarounds have been identified (IBM Support, IBM Support, IBM Support).