製品・ソフトウェアに関する情報

JVN脆弱性詳細

IBM SDK, Java Technology Edition の IBMJCE および IBMSecureRandom の暗号化プロバイダにおける暗号保護メカニズムを破られる脆弱性

Title	IBM SDK, Java Technology Edition の IBMJCE および IBMSecureRandom の暗号化プロバイダにおける暗号保護メカニズムを破られる脆弱性
Summary	IBM SDK, Java Technology Edition の IBMJCE および IBMSecureRandom の暗号化プロバイダの IBMSecureRandom コンポーネントには、暗号保護メカニズムを破られる脆弱性が存在します。
Possible impacts	攻撃者により、乱数ジェネレータの出力を予測されることで、暗号保護メカニズムを破られる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 5, 2014, midnight
Registration Date	May 28, 2014, 2:53 p.m.
Last Update	Dec. 25, 2014, 6:04 p.m.

CVSS2.0 : 警告
Score	5.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:N

Affected System

IBM

IBM API Management 2.0.0.0

IBM API Management 2.0.0.1

IBM API Management 2.0.0.2

IBM API Management 3.0.0.0

IBM InfoSphere Streams 1.0

IBM InfoSphere Streams 1.0.1

IBM InfoSphere Streams 1.2

IBM InfoSphere Streams 2.0

IBM InfoSphere Streams 3.0

IBM InfoSphere Streams 3.1

IBM InfoSphere Streams 3.2

IBM InfoSphere Streams 3.2.1

IBM Lotus Expeditor 6.2.x

IBM Lotus Quickr 8.5 for WebSphere Portal

IBM Multi-Enterprise Integration Gateway 1.0

IBM Operational Decision Manager 8.0

IBM Operational Decision Manager 8.5

IBM Operational Decision Manager 8.6

IBM SDK, Java 2 Technology Edition 5.0 SR 16 FP 5 およびそれ以前

IBM SDK, Java Technology Edition 6 SR 15 FP 1 およびそれ以前

IBM SDK, Java Technology Edition 6.0.1 SR 7 FP 1 およびそれ以前

IBM SDK, Java Technology Edition 7 SR 6 FP 1 およびそれ以前

IBM SDK, Java Technology Edition 7R1 GA

IBM Security Access Manager for Mobile アプライアンス

IBM Security Access Manager for Mobile ソフトウェア 8.0

IBM Security Access Manager for Web アプライアンス

IBM Security Access Manager for Web ソフトウェア 7.0

IBM Security Access Manager for Web ソフトウェア 8.0

IBM SmartCloud Provisioning 1.2

IBM SmartCloud Provisioning 2.1 から 2.1 Fix Pack 4

IBM SmartCloud Provisioning 2.3

IBM SmartCloud Provisioning 2.3 Fix Pack 1

IBM WebSphere Business Events 7.0

IBM WebSphere ILOG JRules 7.0

IBM WebSphere ILOG JRules 7.1

IBM WebSphere Operational Decision Management 7.5

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2014-0878	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0878
National Vulnerability Database (NVD)
2	CVE-2014-0878	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0878

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-310	https://jvndb.jvn.jp/ja/cwe/CWE-310.html

ベンダー情報

No	Name	URL
IBM Support Document
1	1672043	http://www-01.ibm.com/support/docview.wss?uid=swg21672043
2	1672080	http://www-01.ibm.com/support/docview.wss?uid=swg21672080
3	1673836	http://www-01.ibm.com/support/docview.wss?uid=swg21673836
4	1674539	http://www-01.ibm.com/support/docview.wss?uid=swg21674539
5	1675343	http://www-01.ibm.com/support/docview.wss?uid=swg21675343
6	1675588	http://www-01.ibm.com/support/docview.wss?uid=swg21675588
7	1676703	http://www-01.ibm.com/support/docview.wss?uid=swg21676703
8	1676746	http://www-01.ibm.com/support/docview.wss?uid=swg21676746
9	1677387	http://www-01.ibm.com/support/docview.wss?uid=swg21677387
10	1679713	http://www-01.ibm.com/support/docview.wss?uid=swg21679713
11	1681256	http://www-01.ibm.com/support/docview.wss?uid=swg21681256
12	1686717	http://www-01.ibm.com/support/docview.wss?uid=swg21686717
13	1689593	http://www-01.ibm.com/support/docview.wss?uid=swg21689593
IBM セキュリティー情報
14	1677900	http://www-01.ibm.com/support/docview.wss?uid=swg21677900

その他

No	Name	URL
関連文書
1	ibm-java-cve20140878-weak-sec (91084)	http://xforce.iss.net/xforce/xfdb/91084

Change Log

No	Changed Details	Date of change
0	[2014年05月28日] 掲載 [2014年06月25日] 影響を受けるシステム：内容を更新ベンダ情報：IBM (1675588) を追加ベンダ情報：IBM (1675343) を追加 [2014年06月30日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：IBM (1672080) を追加 [2014年07月14日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：IBM (1676746) の情報を追加ベンダ情報：IBM (1677900) の情報を追加 [2014年08月05日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：IBM (1673836) を追加ベンダ情報：IBM (1674539) を追加ベンダ情報：IBM (1676703) を追加 [2014年09月29日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：IBM (1677387) を追加ベンダ情報：IBM (1681256) を追加ベンダ情報：IBM (1679713) を追加 [2014年11月28日] ベンダ情報：IBM (1686717) を追加 [2014年12月25日] ベンダ情報：IBM (1689593) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2014-0878

Summary	The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.
Publication Date	May 27, 2014, 4:55 a.m.
Registration Date	Jan. 26, 2021, 3:05 p.m.
Last Update	Nov. 21, 2024, 11:02 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:java_sdk:6.0.1.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.12.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.8.1::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.9.1::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.9.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.15.1::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.4.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.0.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.14.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.10.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.6.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.13.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.7.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.8.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.13.2::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.2.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.15.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.5.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.11.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.13.1::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.10.1::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.9.2::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.3.0::::technology:::

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:ibm:java_sdk:5.0.16.3::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.16.4::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.12.5::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.11.0::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.11.2::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.12.0::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.12.4::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.16.2::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.16.5::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.12.3::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.14.0::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.11.1::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.15.0::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.12.2::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.16.1::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.13.0::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.12.1::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.0.0::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.16.0::::technology:::

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:ibm:java_sdk:7.0.6.0::::technology:::
cpe:2.3:a:ibm:java_sdk:7.0.4.2::::technology:::
cpe:2.3:a:ibm:java_sdk:7.1.0.0::::technology:::
cpe:2.3:a:ibm:java_sdk:7.0.4.0::::technology:::
cpe:2.3:a:ibm:java_sdk:7.0.4.1::::technology:::
cpe:2.3:a:ibm:java_sdk:7.0.1.0::::technology:::
cpe:2.3:a:ibm:java_sdk:7.0.3.0::::technology:::
cpe:2.3:a:ibm:java_sdk:7.0.0.0::::technology:::
cpe:2.3:a:ibm:java_sdk:7.0.5.0::::technology:::
cpe:2.3:a:ibm:java_sdk:7.0.2.0::::technology:::
cpe:2.3:a:ibm:java_sdk:7.0.6.1::::technology:::

Related information, measures and tools

No	URL	タグ
1	http://secunia.com/advisories/59022
2	http://secunia.com/advisories/59022
3	http://secunia.com/advisories/59023
4	http://secunia.com/advisories/59023
5	http://secunia.com/advisories/59058
6	http://secunia.com/advisories/59058
7	http://secunia.com/advisories/61264
8	http://secunia.com/advisories/61264
9	http://www.ibm.com/support/docview.wss?uid=swg21675343
10	http://www.ibm.com/support/docview.wss?uid=swg21675343
11	http://www.ibm.com/support/docview.wss?uid=swg21675588
12	http://www.ibm.com/support/docview.wss?uid=swg21675588
13	http://www.ibm.com/support/docview.wss?uid=swg21677387
14	http://www.ibm.com/support/docview.wss?uid=swg21677387
15	http://www.securityfocus.com/bid/67601
16	http://www.securityfocus.com/bid/67601
17	http://www-01.ibm.com/support/docview.wss?uid=swg21672043	Vendor Advisory
18	http://www-01.ibm.com/support/docview.wss?uid=swg21672043	Vendor Advisory
19	http://www-01.ibm.com/support/docview.wss?uid=swg21673836
20	http://www-01.ibm.com/support/docview.wss?uid=swg21673836
21	http://www-01.ibm.com/support/docview.wss?uid=swg21674539
22	http://www-01.ibm.com/support/docview.wss?uid=swg21674539
23	http://www-01.ibm.com/support/docview.wss?uid=swg21676672
24	http://www-01.ibm.com/support/docview.wss?uid=swg21676672
25	http://www-01.ibm.com/support/docview.wss?uid=swg21676703
26	http://www-01.ibm.com/support/docview.wss?uid=swg21676703
27	http://www-01.ibm.com/support/docview.wss?uid=swg21676746
28	http://www-01.ibm.com/support/docview.wss?uid=swg21676746
29	http://www-01.ibm.com/support/docview.wss?uid=swg21679610
30	http://www-01.ibm.com/support/docview.wss?uid=swg21679610
31	http://www-01.ibm.com/support/docview.wss?uid=swg21679713
32	http://www-01.ibm.com/support/docview.wss?uid=swg21679713
33	http://www-01.ibm.com/support/docview.wss?uid=swg21680750
34	http://www-01.ibm.com/support/docview.wss?uid=swg21680750
35	http://www-01.ibm.com/support/docview.wss?uid=swg21681256
36	http://www-01.ibm.com/support/docview.wss?uid=swg21681256
37	http://www-01.ibm.com/support/docview.wss?uid=swg21683484
38	http://www-01.ibm.com/support/docview.wss?uid=swg21683484
39	http://www-01.ibm.com/support/docview.wss?uid=swg21686717	Vendor Advisory
40	http://www-01.ibm.com/support/docview.wss?uid=swg21686717	Vendor Advisory
41	http://www-01.ibm.com/support/docview.wss?uid=swg21689593	Vendor Advisory
42	http://www-01.ibm.com/support/docview.wss?uid=swg21689593	Vendor Advisory
43	https://exchange.xforce.ibmcloud.com/vulnerabilities/91084
44	https://exchange.xforce.ibmcloud.com/vulnerabilities/91084

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:ibm:java_sdk:6.0.1.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.12.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.8.1::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.9.1::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.9.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.15.1::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.4.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.0.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.14.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.10.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.6.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.13.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.7.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.8.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.13.2::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.2.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.15.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.5.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.11.0::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.13.1::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.10.1::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.9.2::::technology:::
cpe:2.3:a:ibm:java_sdk:6.0.3.0::::technology:::

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:ibm:java_sdk:5.0.16.3::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.16.4::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.12.5::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.11.0::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.11.2::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.12.0::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.12.4::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.16.2::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.16.5::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.12.3::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.14.0::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.11.1::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.15.0::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.12.2::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.16.1::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.13.0::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.12.1::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.0.0::::technology:::
cpe:2.3:a:ibm:java_sdk:5.0.16.0::::technology:::

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:ibm:java_sdk:7.0.6.0::::technology:::
cpe:2.3:a:ibm:java_sdk:7.0.4.2::::technology:::
cpe:2.3:a:ibm:java_sdk:7.1.0.0::::technology:::
cpe:2.3:a:ibm:java_sdk:7.0.4.0::::technology:::
cpe:2.3:a:ibm:java_sdk:7.0.4.1::::technology:::
cpe:2.3:a:ibm:java_sdk:7.0.1.0::::technology:::
cpe:2.3:a:ibm:java_sdk:7.0.3.0::::technology:::
cpe:2.3:a:ibm:java_sdk:7.0.0.0::::technology:::
cpe:2.3:a:ibm:java_sdk:7.0.5.0::::technology:::
cpe:2.3:a:ibm:java_sdk:7.0.2.0::::technology:::
cpe:2.3:a:ibm:java_sdk:7.0.6.1::::technology:::