Vulnerability in IBM Worklight and Mobile Foundation due to PRNG Initialization Issues
CVE-2013-5391

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Worklight
Vendor: CVE Published:; 27 April 2018

Summary

The vulnerability arises from improper initialization of the pseudo random number generator (PRNG) in both the Android environment and the Java Cryptography Architecture (JCA) utilized in IBM Worklight and Mobile Foundation. This flaw can allow attackers to bypass cryptographic safeguards, making it easier for them to exploit applications using these platforms. Updates are recommended to mitigate the risks associated with these vulnerabilities.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/87128

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21665731

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 27, 2018
Vulnerability Reserved
Aug 22, 2013