Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM7B76817EED0E127429685EBC54E3B9412E6E325298046A7580AE6A5704C962C4
HistoryJan 31, 2023 - 10:30 a.m.

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to jsonwebtoken CVE-2022-23529

2023-01-3110:30:24
www.ibm.com
10
JSON

Summary

Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to jsonwebtoken CVE-2022-23529 with details

Vulnerability Details

CVEID:CVE-2022-23529
**DESCRIPTION:**Auth0 jsonwebtoken could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper input validation by the jwt.verify function. By sending a specially-crafted request using the key retrieval parameter, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242967 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
Automation Assets in IBM Cloud Pak for Integration (CP4I) 2020.4.1
2021.1.1
2021.2.1
2021.4.1
2022.2.1

Remediation/Fixes

Automation Assets****in IBM Cloud Pak for Integration

Upgrade Automation Assets Operator to 2022.2.1-5 using the Operator upgrade process described in the IBM Documentation

<https://www.ibm.com/docs/en/cloud-paks/cp-integration/2022.2?topic=capabilities-upgrading-automation-assets&gt;

Workarounds and Mitigations

None

Related

nessus 1
osv 1
thn 1
hivepro 1
cve 1
github 1
githubexploit 2
veracode 1
redhatcve 1
ibm 12
nessus
nessus
Auth0 JsonWebtoken < 9.0.0 Arbitrary File Write (deprecated)
2023-01-13 00:00:00
osv
osv
jsonwebtoken has insecure input validation in jwt.verify function
2022-12-22 03:31:28
thn
thn
Severe Security Flaw Found in "jsonwebtoken" Library Used by 22,000+ Projects
2023-01-10 08:54:00
hivepro
hivepro
New Vulnerability Found in the JsonWebToken Open-Source Project
2023-01-10 12:11:46
cve
cve
CVE-2022-23529
2022-12-21 21:15:00
github
github
jsonwebtoken has insecure input validation in jwt.verify function
2022-12-22 03:31:28
githubexploit
githubexploit
Exploit for CVE-2022-23529
2023-01-16 02:35:54
Exploit for CVE-2022-23529
2023-01-16 02:35:54
veracode
veracode
Improper Input Validation
2022-12-23 05:35:31
redhatcve
redhatcve
CVE-2022-23529
2023-01-11 05:35:13
ibm
ibm
Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to multiple jsonwebtoken CVEs
2023-01-30 10:40:47
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by a vulnerability in JSON Web Token
2023-02-24 13:19:16
Security Bulletin: IBM Event Streams is affected by vulnerabilities in the jsonwebtoken package (CVE-2022-23529, CVE-2022-23539, CVE-2022-23540, CVE-2022-23541)
2023-04-04 07:11:29
JSON
Related for 7B76817EED0E127429685EBC54E3B9412E6E325298046A7580AE6A5704C962C4
nessus1osv1thn1hivepro1cve1github1githubexploit2veracode1redhatcve1ibm12