CVE-2014-0878

Severity

57%

Complexity

86%

Confidentiality

81%

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N).

Overview

Type

IBM Java SDK Technology Edition

First reported 10 years ago

2014-05-26 19:55:00

Last updated 7 years ago

2017-08-29 01:34:00

Affected Software

IBM Java SDK Technology Edition 6.0.0.0

6.0.0.0

IBM Java SDK Technology Edition 6.0.1.0 (Service Refresh 1)

6.0.1.0

IBM Java SDK Technology Edition 6.0..0 (Service Refresh 2)

6.0.2.0

IBM Java SDK Technology Edition 6.0.3.0 (Service Refresh 3)

6.0.3.0

IBM Java SDK Technology Edition 6.0.4.0 (Service Refresh 4)

6.0.4.0

IBM Java SDK Technology Edition 6.0.5.0 (Service Refresh 5)

6.0.5.0

IBM Java SDK Technology Edition 6.0.6.0 (Service Refresh 6)

6.0.6.0

IBM Java SDK Technology Edition 6.0.7.0 (Service Refresh 7)

6.0.7.0

IBM Java SDK Technology Edition 6.0.8.0 (Service Refresh 8)

6.0.8.0

IBM Java SDK Technology Edition 6.0.8.1 (Service Refresh 8 FixPack 1)

6.0.8.1

IBM Java SDK Technology Edition 6.0.9.0 (Service Refresh 9)

6.0.9.0

IBM Java SDK Technology Edition 6.0.9.1 (Service Refresh 9 FixPack 1)

6.0.9.1

IBM Java SDK Technology Edition 6.0.9.2 (Service Refresh 9 FixPack 2)

6.0.9.2

IBM Java SDK Technology Edition 6.0.10.0 (Service Refresh 10)

6.0.10.0

IBM Java SDK Technology Edition 6.0.10.1 (Service Refresh 10 FixPack 1)

6.0.10.1

IBM Java SDK Technology Edition 6.0.11.0 (Service Refresh 11)

6.0.11.0

IBM Java SDK Technology Edition 6.0.12.0 (Service Refresh 12)

6.0.12.0

IBM Java SDK Technology Edition 6.0.13.0 (Service Refresh 13)

6.0.13.0

IBM Java SDK Technology Edition 6.0.13.1 (Service Refresh 13 FixPack 1)

6.0.13.1

IBM Java SDK Technology Edition 6.0.13.2 (Service Refresh 13 FixPack 2)

6.0.13.2

IBM Java SDK Technology Edition 6.0.14.0 (Service Refresh 14)

6.0.14.0

IBM Java SDK Technology Edition 6.0.15.0 (Service Refresh 15)

6.0.15.0

IBM Java SDK Technology Edition 6.0.15.1 (Service Refresh 15 FixPack 1)

6.0.15.1

IBM Java SDK Technology Edition 5.0.0.0

5.0.0.0

IBM Java SDK Technology Edition 5.0.11.0 (5.0 Service Refresh 11)

5.0.11.0

IBM Java SDK Technology Edition 5.0.11.1 (5.0 Service Refresh 11 FixPack 1)

5.0.11.1

IBM Java SDK Technology Edition 5.0.11.2 (5.0 Service Refresh 11 FixPack 2)

5.0.11.2

IBM Java SDK Technology Edition 5.0.12.0 (5.0 Service Refresh 12)

5.0.12.0

IBM Java SDK Technology Edition 5.0.12.1 (5.0 Service Refresh 12 FixPack 1)

5.0.12.1

IBM Java SDK Technology Edition 5.0.12.2 (5.0 Service Refresh 12 FixPack 2)

5.0.12.2

IBM Java SDK Technology Edition 5.0.12.3 (5.0 Service Refresh 12 FixPack 3)

5.0.12.3

IBM Java SDK Technology Edition 5.0.12.4 (5.0 Service Refresh 12 FixPack 4)

5.0.12.4

IBM Java SDK Technology Edition 5.0.12.5 (5.0 Service Refresh 12 FixPack 5)

5.0.12.5

IBM Java SDK Technology Edition 5.0.13.0 (5.0 Service Refresh 13)

5.0.13.0

IBM Java SDK Technology Edition 5.0.14.0 (5.0 Service Refresh 14)

5.0.14.0

IBM Java SDK Technology Edition 5.0.15.0 (5.0 Service Refresh 15)

5.0.15.0

IBM Java SDK Technology Edition 5.0.16.0 (5.0 Service Refresh 16)

5.0.16.0

IBM Java SDK Technology Edition 5.0.16.1 (5.0 Service Refresh 16 FixPack 1)

5.0.16.1

IBM Java SDK Technology Edition 5.0.16.2 (5.0 Service Refresh 16 FixPack 2)

5.0.16.2

IBM Java SDK Technology Edition 5.0.16.3 (5.0 Service Refresh 16 FixPack 3)

5.0.16.3

IBM Java SDK Technology Edition 5.0.16.4 (5.0 Service Refresh 16 FixPack 4)

5.0.16.4

IBM Java SDK Technology Edition 5.0.16.5 (5.0 Service Refresh 16 FixPack 5)

5.0.16.5

IBM Java SDK Technology Edition 7.0.0.0 (7.0)

7.0.0.0

IBM Java SDK Technology Edition 7.0.1.0 (7.0 Service Refresh 1)

7.0.1.0

IBM Java SDK Technology Edition 7.0.2.0 (7.0 Service Refresh 2)

7.0.2.0

IBM Java SDK Technology Edition 7.0.3.0 (7.0 Service Refresh 3)

7.0.3.0

IBM Java SDK Technology Edition 7.0.4.0 (7.0 Service Refresh 4)

7.0.4.0

IBM Java SDK Technology Edition 7.0.4.1 (7.0 Service Refresh 4 FixPack 1)

7.0.4.1

IBM Java SDK Technology Edition 7.0.4.2 (7.0 Service Refresh 4 FixPack 2)

7.0.4.2

IBM Java SDK Technology Edition 7.0.5.0 (7.0 Service Refresh 5)

7.0.5.0

IBM Java SDK Technology Edition 7.0.6.0 (7.0 Service Refresh 6)

7.0.6.0

IBM Java SDK Technology Edition 7.0.6.1 (7.0 Service Refresh 6 FixPack 1)

7.0.6.1

IBM Java SDK Technology Edition 7.1.0.0 (7.1 Service Refresh 1)

7.1.0.0

References

59022

59023

59058

61264

http://www.ibm.com/support/docview.wss?uid=swg21675343

http://www.ibm.com/support/docview.wss?uid=swg21675588

http://www.ibm.com/support/docview.wss?uid=swg21677387

67601

http://www-01.ibm.com/support/docview.wss?uid=swg21672043

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21673836

http://www-01.ibm.com/support/docview.wss?uid=swg21674539

http://www-01.ibm.com/support/docview.wss?uid=swg21676672

http://www-01.ibm.com/support/docview.wss?uid=swg21676703

http://www-01.ibm.com/support/docview.wss?uid=swg21676746

http://www-01.ibm.com/support/docview.wss?uid=swg21679610

http://www-01.ibm.com/support/docview.wss?uid=swg21679713

http://www-01.ibm.com/support/docview.wss?uid=swg21680750

http://www-01.ibm.com/support/docview.wss?uid=swg21681256

http://www-01.ibm.com/support/docview.wss?uid=swg21683484

http://www-01.ibm.com/support/docview.wss?uid=swg21686717

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21689593

Vendor Advisory

ibm-java-cve20140878-weak-sec(91084)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.