CWE-385 - Covert Timing Channel

Description

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information. In some instances, knowing when data is transmitted between parties can provide a malicious user with privileged information. Also, externally monitoring the timing of operations can potentially reveal sensitive data. Covert channels are frequently classified as either storage or timing channels. They can lead to information exposure.The weakness is introduced during Architecture and Design, Implementation stages.

Latest vulnerabilities for CWE-385

Multiple vulnerabilities in Oracle Linux 2024-04-17
High Yes

Oracle Solaris update for thrid-party components 2024-04-17
High Yes

Multiple vulnerabilities in Juniper Networks Junos cRPD 2024-04-15
High Yes

Multiple vulnerabilities in Juniper Cloud Native Router 2024-04-15
High Yes

Multiple vulnerabilities in IBM QRadar SIEM 2024-04-12
High Yes

Multiple vulnerabilities in IBM QRadar SIEM 2024-04-02
High Yes

Multiple vulnerabilities in IBM Voice Gateway 2024-04-02
Medium Yes

Multiple vulnerabilities in IBM Answer Retrieval for Watson Discovery 2024-04-02
Medium Yes

Multiple vulnerabilities in IBM Cloud Transformation Advisor 2024-03-20
Medium Yes

Multiple vulnerabilities in Mozilla Thunderbird 2024-03-19
High Yes

References

Description of CWE-385 on Mitre website