CVE-2013-5391

{"id": "CVE-2013-5391", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2018-04-27T16:29:00.207", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665731", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87128", "tags": ["Vendor Advisory", "VDB Entry"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.x before 6.0.0 Fix Pack 2, and Mobile Foundation Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix Pack 2 and 6.0.0 Fix Pack 2 make it easier for attackers to defeat cryptographic protection mechanisms by leveraging improper initialization of the pseudo random number generator (PRNG) in Android and use of the Java Cryptography Architecture (JCA) by a Worklight program. IBM X-Force ID: 87128."}, {"lang": "es", "value": "Las ediciones Consumer y Enterprise de IBM Worklight, en versiones 5.0.x anteriores a la 5.0.6 Fix Pack 2 y versiones 6.0.x anteriores a la 6.0.0 Fix Pack 2; as\u00ed como las ediciones Consumer y Enterprise de Mobile Foundation, en versiones 5.0.x anteriores a la 5.0.6 Fix Pack 2 y la versi\u00f3n 6.0.0 Fix Pack 2, facilitan que los atacantes superen los mecanismos de protecci\u00f3n criptogr\u00e1fica aprovechando la inicializaci\u00f3n incorrecta del PRNG (pseudo random number generator) en Android y utilizando JCA (Java Cryptography Architecture) por medio de un programa Worklight. IBM X-Force ID: 87128."}], "lastModified": "2018-06-04T16:23:25.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:worklight:5.0.0.0:*:*:*:consumer:*:*:*", "vulnerable": true, "matchCriteriaId": "3F9F05EA-7931-4F33-8417-D19FD34E2F1D"}, {"criteria": "cpe:2.3:a:ibm:worklight:5.0.0.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "9CD1B3B7-D5EE-43F5-8DA6-447B9E56A7C3"}, {"criteria": "cpe:2.3:a:ibm:worklight:5.0.5.0:*:*:*:consumer:*:*:*", "vulnerable": true, "matchCriteriaId": "DDFC15E8-309B-4628-9433-07A728D9F44F"}, {"criteria": "cpe:2.3:a:ibm:worklight:5.0.5.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "A71F0E5E-F422-47B3-96CF-CF345947D822"}, {"criteria": "cpe:2.3:a:ibm:worklight:5.0.6.0:*:*:*:consumer:*:*:*", "vulnerable": true, "matchCriteriaId": "D54DB742-01A0-45B4-9C82-F92B5FC8CE9C"}, {"criteria": "cpe:2.3:a:ibm:worklight:5.0.6.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "248DF8E8-BB46-4AFF-B146-D55BAD98FFEC"}, {"criteria": "cpe:2.3:a:ibm:worklight:6.0.0.0:*:*:*:consumer:*:*:*", "vulnerable": true, "matchCriteriaId": "D346CCB1-1832-4E8B-AB8E-ADB6547563F6"}, {"criteria": "cpe:2.3:a:ibm:worklight:6.0.0.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "E6383639-CEFB-4797-A037-CDD36354D2DC"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:mobile_foundation:5.0.0.0:*:*:*:consumer:*:*:*", "vulnerable": true, "matchCriteriaId": "050691AE-1E3D-4A6E-A286-DA5BA44CF7EC"}, {"criteria": "cpe:2.3:a:ibm:mobile_foundation:5.0.0.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "473213A1-4B3A-4391-95DB-676F2C45B229"}, {"criteria": "cpe:2.3:a:ibm:mobile_foundation:5.0.5.0:*:*:*:consumer:*:*:*", "vulnerable": true, "matchCriteriaId": "BA685C57-76D6-4CB0-B7B7-26F3D3341D9A"}, {"criteria": "cpe:2.3:a:ibm:mobile_foundation:5.0.5.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "51F3C4C6-05AA-4D6B-BC1D-FDE0EF1A4402"}, {"criteria": "cpe:2.3:a:ibm:mobile_foundation:5.0.6.0:*:*:*:consumer:*:*:*", "vulnerable": true, "matchCriteriaId": "3BB40D14-1E27-4CFA-BF9D-1752D7A6BD77"}, {"criteria": "cpe:2.3:a:ibm:mobile_foundation:5.0.6.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "A32F0BA6-CF1E-4CAB-A0F0-0EC6450B69D7"}, {"criteria": "cpe:2.3:a:ibm:mobile_foundation:6.0.0.0:*:*:*:consumer:*:*:*", "vulnerable": true, "matchCriteriaId": "3F2943D2-E43C-4B78-A375-E00CC4D64849"}, {"criteria": "cpe:2.3:a:ibm:mobile_foundation:6.0.0.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "33AFD850-9DC0-44FA-A30B-1EEDD463D944"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}