What is the severity of CVE-2013-7372?

CVE-2013-7372 has a CVSS v3 score of 0, which is classified as Low severity.

Is there an exploit available for CVE-2013-7372?

Yes, there are known exploits available for CVE-2013-7372. Immediate patching is recommended.

Is there a patch available for CVE-2013-7372?

Yes, patches are available for CVE-2013-7372. Check the vendor advisories for update instructions.

CVE-2013-7372 - CVE Details, Severity, and Analysis

CVE-2013-7372 - CVE Details, Severity, and Analysis | Strobes VI

Severity Scores

CVSS v30.0

CVSS v25.0

Priority Score0.0

EPSS Score1.0

None

Exploitation LikelihoodLow

1.00%EPSS

Lower probability of exploitation

Patch during regular maintenance

1.00%

EPSS

0.0

CVSS

Yes

Exploit

Yes

Patch

Medium Priority

exploit exists

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013.

CVSS v3 Breakdown

Attack Vector:-

Attack Complexity:-

Privileges Required:-

User Interaction:-

Scope:-

Confidentiality:-

Integrity:-

Availability:-

Exploit References

[email protected]

Patch References

[email protected][email protected]Zeroday CZ

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Google	Android
Apache