PT-2018-4104 · Ibm+2 · Ibm Mobile Foundation+3
Published
2018-04-27
·
Updated
2018-06-04
·
CVE-2013-5391
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Worklight Consumer and Enterprise Editions versions 5.0.x through 5.0.5 and versions 6.0.x through 6.0.0 before Fix Pack 2
IBM Mobile Foundation Consumer and Enterprise Editions versions 5.0.x through 5.0.5 and version 6.0.0 before Fix Pack 2
Description
The issue makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging improper initialization of the pseudo random number generator (PRNG) in Android and use of the Java Cryptography Architecture (JCA) by a Worklight program.
Recommendations
For IBM Worklight Consumer and Enterprise Editions versions 5.0.x through 5.0.5, update to version 5.0.6 Fix Pack 2 or later.
For IBM Worklight Consumer and Enterprise Editions versions 6.0.x through 6.0.0 before Fix Pack 2, update to version 6.0.0 Fix Pack 2 or later.
For IBM Mobile Foundation Consumer and Enterprise Editions versions 5.0.x through 5.0.5, update to version 5.0.6 Fix Pack 2 or later.
For IBM Mobile Foundation Consumer and Enterprise Editions version 6.0.0 before Fix Pack 2, update to version 6.0.0 Fix Pack 2 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android
Ibm Mobile Foundation
Ibm Worklight
Java Cryptography Architecture