CVE-2014-0878

JDK: Vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom cryptographic providers

Severity Score

5.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.

El componente IBMSecureRandom en los proveedores criptográficos IBMJCE y IBMSecureRandom en IBM SDK Java Technology Edition 5.0 anterior a Service Refresh 16 FP6, 6 anterior a Service Refresh 16, 6.0.1 anterior a Service Refresh 8, 7 anterior a Service Refresh 7 y 7R1 anterior a Service Refresh 1 facilita a atacantes dependientes de contexto anular mecanismos de protección criptográficos mediante la predicción de la salida del generador de números aleatorias.

*Credits: N/A

CVSS Scores

NISTv2 5.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-01-06 CVE Reserved
2014-05-26 CVE Published
2024-01-06 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-310: Cryptographic Issues

CAPEC

References (24)

URL	Tag	Source
http://secunia.com/advisories/59022	Third Party Advisory
http://secunia.com/advisories/59023	Third Party Advisory
http://secunia.com/advisories/59058	Third Party Advisory
http://secunia.com/advisories/61264	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21673836	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21674539	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21676672	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21676703	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21676746	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21679610	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21679713	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21680750	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21681256	X_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21683484	X_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21675343	X_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21675588	X_refsource_confirm
http://www.ibm.com/support/docview.wss?uid=swg21677387	X_refsource_confirm
http://www.securityfocus.com/bid/67601	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/91084	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www-01.ibm.com/support/docview.wss?uid=swg21672043	2017-08-29
http://www-01.ibm.com/support/docview.wss?uid=swg21686717	2017-08-29
http://www-01.ibm.com/support/docview.wss?uid=swg21689593	2017-08-29
https://access.redhat.com/security/cve/CVE-2014-0878	2014-07-29
https://bugzilla.redhat.com/show_bug.cgi?id=1097345	2014-07-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.0.0 Search vendor "Ibm" for product "Java Sdk" and version "6.0.0.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.1.0 Search vendor "Ibm" for product "Java Sdk" and version "6.0.1.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.2.0 Search vendor "Ibm" for product "Java Sdk" and version "6.0.2.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.3.0 Search vendor "Ibm" for product "Java Sdk" and version "6.0.3.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.4.0 Search vendor "Ibm" for product "Java Sdk" and version "6.0.4.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.5.0 Search vendor "Ibm" for product "Java Sdk" and version "6.0.5.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.6.0 Search vendor "Ibm" for product "Java Sdk" and version "6.0.6.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.7.0 Search vendor "Ibm" for product "Java Sdk" and version "6.0.7.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.8.0 Search vendor "Ibm" for product "Java Sdk" and version "6.0.8.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.8.1 Search vendor "Ibm" for product "Java Sdk" and version "6.0.8.1"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.9.0 Search vendor "Ibm" for product "Java Sdk" and version "6.0.9.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.9.1 Search vendor "Ibm" for product "Java Sdk" and version "6.0.9.1"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.9.2 Search vendor "Ibm" for product "Java Sdk" and version "6.0.9.2"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.10.0 Search vendor "Ibm" for product "Java Sdk" and version "6.0.10.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.10.1 Search vendor "Ibm" for product "Java Sdk" and version "6.0.10.1"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.11.0 Search vendor "Ibm" for product "Java Sdk" and version "6.0.11.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.12.0 Search vendor "Ibm" for product "Java Sdk" and version "6.0.12.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.13.0 Search vendor "Ibm" for product "Java Sdk" and version "6.0.13.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.13.1 Search vendor "Ibm" for product "Java Sdk" and version "6.0.13.1"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.13.2 Search vendor "Ibm" for product "Java Sdk" and version "6.0.13.2"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.14.0 Search vendor "Ibm" for product "Java Sdk" and version "6.0.14.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.15.0 Search vendor "Ibm" for product "Java Sdk" and version "6.0.15.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				6.0.15.1 Search vendor "Ibm" for product "Java Sdk" and version "6.0.15.1"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.0.0 Search vendor "Ibm" for product "Java Sdk" and version "5.0.0.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.11.0 Search vendor "Ibm" for product "Java Sdk" and version "5.0.11.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.11.1 Search vendor "Ibm" for product "Java Sdk" and version "5.0.11.1"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.11.2 Search vendor "Ibm" for product "Java Sdk" and version "5.0.11.2"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.12.0 Search vendor "Ibm" for product "Java Sdk" and version "5.0.12.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.12.1 Search vendor "Ibm" for product "Java Sdk" and version "5.0.12.1"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.12.2 Search vendor "Ibm" for product "Java Sdk" and version "5.0.12.2"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.12.3 Search vendor "Ibm" for product "Java Sdk" and version "5.0.12.3"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.12.4 Search vendor "Ibm" for product "Java Sdk" and version "5.0.12.4"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.12.5 Search vendor "Ibm" for product "Java Sdk" and version "5.0.12.5"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.13.0 Search vendor "Ibm" for product "Java Sdk" and version "5.0.13.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.14.0 Search vendor "Ibm" for product "Java Sdk" and version "5.0.14.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.15.0 Search vendor "Ibm" for product "Java Sdk" and version "5.0.15.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.16.0 Search vendor "Ibm" for product "Java Sdk" and version "5.0.16.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.16.1 Search vendor "Ibm" for product "Java Sdk" and version "5.0.16.1"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.16.2 Search vendor "Ibm" for product "Java Sdk" and version "5.0.16.2"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.16.3 Search vendor "Ibm" for product "Java Sdk" and version "5.0.16.3"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.16.4 Search vendor "Ibm" for product "Java Sdk" and version "5.0.16.4"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				5.0.16.5 Search vendor "Ibm" for product "Java Sdk" and version "5.0.16.5"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				7.0.0.0 Search vendor "Ibm" for product "Java Sdk" and version "7.0.0.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				7.0.1.0 Search vendor "Ibm" for product "Java Sdk" and version "7.0.1.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				7.0.2.0 Search vendor "Ibm" for product "Java Sdk" and version "7.0.2.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				7.0.3.0 Search vendor "Ibm" for product "Java Sdk" and version "7.0.3.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				7.0.4.0 Search vendor "Ibm" for product "Java Sdk" and version "7.0.4.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				7.0.4.1 Search vendor "Ibm" for product "Java Sdk" and version "7.0.4.1"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				7.0.4.2 Search vendor "Ibm" for product "Java Sdk" and version "7.0.4.2"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				7.0.5.0 Search vendor "Ibm" for product "Java Sdk" and version "7.0.5.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				7.0.6.0 Search vendor "Ibm" for product "Java Sdk" and version "7.0.6.0"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				7.0.6.1 Search vendor "Ibm" for product "Java Sdk" and version "7.0.6.1"		technology		Affected
Ibm Search vendor "Ibm"		Java Sdk Search vendor "Ibm" for product "Java Sdk"				7.1.0.0 Search vendor "Ibm" for product "Java Sdk" and version "7.1.0.0"		technology		Affected