PT-2014-3915 · IBM +2 · IBM SDK Java Technology Edition +3

Amit Sethi · Published 2014-05-13 · Updated 2017-08-29 · CVE-2014-0878

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6
IBM SDK Java Technology Edition 6 before Service Refresh 16
IBM SDK Java Technology Edition 6.0.1 before Service Refresh 8
IBM SDK Java Technology Edition 7 before Service Refresh 7
IBM SDK Java Technology Edition 7R1 before Service Refresh 1

Description

The issue makes it easier for attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output. This is due to a problem in the IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers.

Recommendations

For IBM SDK Java Technology Edition 5.0, update to Service Refresh 16 FP6 or later.
For IBM SDK Java Technology Edition 6, update to Service Refresh 16 or later.
For IBM SDK Java Technology Edition 6.0.1, update to Service Refresh 8 or later.
For IBM SDK Java Technology Edition 7, update to Service Refresh 7 or later.
For IBM SDK Java Technology Edition 7R1, update to Service Refresh 1 or later.

Fix

Weakness Enumeration

Related Identifiers

CVE-2014-0878
RHSA-2014:0486
RHSA-2014:0508
RHSA-2014:0509
RHSA-2014:0705
RHSA-2014:0982
RHSA-2014_0486
RHSA-2014_0508
RHSA-2014_0509
RHSA-2014_0705

Affected Products

IBM AIX
IBM SDK Java Technology Edition
Red Hat
SUSE