CVE-2014-0878
Severity
5.8MEDIUM
EPSS
0.6%
top 31.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 26
Latest updateMay 17
Description
The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.
CVSS vector
AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9
Affected Packages1 packages
🔴Vulnerability Details
2GHSA▶
GHSA-v5qx-wfhq-jh75: The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5↗2022-05-17
CVEList▶
CVE-2014-0878: The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5↗2014-05-26
📋Vendor Advisories
1Red Hat▶
JDK: Vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom cryptographic providers↗2014-05-12
💬Community
1Bugzilla▶
CVE-2014-0878 IBM JDK: Vulnerability in the IBMSecureRandom implementation of the IBMJCE and IBMSecureRandom cryptographic providers↗2014-05-13