A vulnerability discovered in the libgcrypt PRNG (Pseudo-Random Number Generator) affects IBM MQ Appliance.
CVEID: CVE-2016-6313**
DESCRIPTION:** GnuPG could provide weaker than expected security, caused by an error in the mixing functions when obtaining 4640 bits from the random number generator. A local attacker could exploit this vulnerability to predict the next 160 bits of output.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/116169> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
The following versions are affected:
IBM MQ Appliance 8.0
Apply fixpack 8.0.0.6 or later maintenance.
IBM MQ Appliance 9.0.x Continuous Delivery Release (CDR)
Apply continuous delivery update 9.0.2 or later.
None