Vulnerability in IBM Worklight and Mobile Foundation due to PRNG Initialization Issues
CVE-2013-5391

5.3 MEDIUM

Key Information:

Vendor
IBM
Status
Vendor
CVE Published: 27 April 2018

Summary

The vulnerability arises from improper initialization of the pseudo-random number generator (PRNG) in both the Android environment and the Java Cryptography Architecture (JCA) used by IBM Worklight and Mobile Foundation. This flaw can allow attackers to bypass cryptographic safeguards, making it easier for them to exploit applications built on these platforms. Updates are recommended to mitigate the risk associated with this vulnerability.

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
