A vulnerability in the node-uuid module causes the module to fallback on math.random under certain circumstances, which leads to predictable UUIDs. The node-uuid module is used by the Node.js Package Manager (npm).
CVEID: CVE-2015-8851**
DESCRIPTION:** node.js node-uuid could provide weaker than expected, caused by the use of Math.random() instead of a more cryptographically sound source of entropy. An attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112166 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
IBM Rational Application Developer for WebSphere Software v9.1 and v9.5
Rational Application Developer
| 9.1.x and 9.5.x| PI61955|
Installation instructions for applying the update to the Cordova platform in the product can be found here: