CVE-2014-0878

MEDIUM
Description

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.

References

http://secunia.com/advisories/59022

http://secunia.com/advisories/59023

http://secunia.com/advisories/59058

http://secunia.com/advisories/61264

http://www.ibm.com/support/docview.wss?uid=swg21675343

http://www.ibm.com/support/docview.wss?uid=swg21675588

http://www.ibm.com/support/docview.wss?uid=swg21677387

http://www.securityfocus.com/bid/67601

http://www-01.ibm.com/support/docview.wss?uid=swg21672043

http://www-01.ibm.com/support/docview.wss?uid=swg21673836

http://www-01.ibm.com/support/docview.wss?uid=swg21674539

http://www-01.ibm.com/support/docview.wss?uid=swg21676672

http://www-01.ibm.com/support/docview.wss?uid=swg21676703

http://www-01.ibm.com/support/docview.wss?uid=swg21676746

http://www-01.ibm.com/support/docview.wss?uid=swg21679610

http://www-01.ibm.com/support/docview.wss?uid=swg21679713

http://www-01.ibm.com/support/docview.wss?uid=swg21680750

http://www-01.ibm.com/support/docview.wss?uid=swg21681256

http://www-01.ibm.com/support/docview.wss?uid=swg21683484

http://www-01.ibm.com/support/docview.wss?uid=swg21686717

http://www-01.ibm.com/support/docview.wss?uid=swg21689593

https://exchange.xforce.ibmcloud.com/vulnerabilities/91084

Details

Source: MITRE

Published: 2014-05-26

Updated: 2017-08-29

Type: CWE-310

Risk Information

CVSS v2

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ibm:java_sdk:6.0.0.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.1.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.2.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.3.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.4.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.5.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.6.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.7.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.8.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.8.1:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.9.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.9.1:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.9.2:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.10.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.10.1:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.11.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.12.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.13.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.13.1:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.13.2:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.14.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.15.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:6.0.15.1:*:*:*:technology:*:*:*

Configuration 2

OR

cpe:2.3:a:ibm:java_sdk:5.0.0.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:5.0.11.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:5.0.11.1:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:5.0.11.2:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:5.0.12.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:5.0.12.1:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:5.0.12.2:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:5.0.12.3:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:5.0.12.4:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:5.0.12.5:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:5.0.13.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:5.0.14.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:5.0.15.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:5.0.16.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:5.0.16.1:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:5.0.16.2:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:5.0.16.3:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:5.0.16.4:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:5.0.16.5:*:*:*:technology:*:*:*

Configuration 3

OR

cpe:2.3:a:ibm:java_sdk:7.0.0.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:7.0.1.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:7.0.2.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:7.0.3.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:7.0.4.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:7.0.4.1:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:7.0.4.2:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:7.0.5.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:7.0.6.0:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:7.0.6.1:*:*:*:technology:*:*:*

cpe:2.3:a:ibm:java_sdk:7.1.0.0:*:*:*:technology:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
9699 | IBM WebSphere Application Server 7.0 < 7.0.0.33 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | critical
83625 | SUSE SLES10 Security Update : IBM Java 5 (SUSE-SU-2014:0732-1) | Nessus | SuSE Local Security Checks | critical
79039 | RHEL 5 / 6 : IBM Java Runtime in Satellite Server (RHSA-2014:0982) | Nessus | Red Hat Local Security Checks | critical
76995 | IBM WebSphere Application Server 8.0 < Fix Pack 9 Multiple Vulnerabilities | Nessus | Web Servers | high
76967 | IBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple Vulnerabilities | Nessus | Web Servers | high
76900 | RHEL 7 : java-1.7.1-ibm (RHSA-2014:0705) | Nessus | Red Hat Local Security Checks | critical
76870 | AIX Java Advisory : java_apr2014_advisory.asc | Nessus | AIX Local Security Checks | critical
74284 | SuSE 11.3 Security Update : IBM Java 6 (SAT Patch Number 9256) | Nessus | SuSE Local Security Checks | critical
74254 | SuSE 11.3 Security Update : IBM Java 7 (SAT Patch Number 9263) | Nessus | SuSE Local Security Checks | critical
74032 | RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:0509) | Nessus | Red Hat Local Security Checks | critical
74031 | RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2014:0508) | Nessus | Red Hat Local Security Checks | critical
74005 | RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2014:0486) | Nessus | Red Hat Local Security Checks | critical