Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2022-09804
HistoryJan 07, 2022 - 12:00 a.m.

Pac4j data forgery problem vulnerability

2022-01-0700:00:00
China National Vulnerability Database
www.cnvd.org.cn
4

0.002 Low

EPSS

Percentile

53.0%

JSON

Pac4j is a simple yet powerful Java security engine. Used to authenticate users, obtain their profiles and manage authorization to protect Web applications and Web services.Pac4j has a data forgery problem vulnerability that stems from the product not using a valid algorithm when validating ID tokens, which can be exploited by attackers to bypass token authentication.

CPENameOperatorVersion
Pac4j Pac4jle5.1

Related

veracode 1
github 1
ibm 2
prion 1
osv 2
cve 1
cvelist 1
nvd 1
veracode
veracode
Insecure Token
2022-01-07 03:46:43
github
github
Pac4j token validation bypass if OpenID Connect provider supports none algorithm
2022-01-08 00:36:05
ibm
ibm
Security Bulletin: Due to use of pac4j, IBM Cloud PAK for Watson AI Ops is vulnerable to token bypass (CVE-2021-44878)
2022-09-14 15:31:45
Security Bulletin: Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.
2022-10-25 13:11:39
prion
prion
Design/Logic Flaw
2022-01-06 13:15:00
osv
osv
Pac4j token validation bypass if OpenID Connect provider supports none algorithm
2022-01-08 00:36:05
CVE-2021-44878
2022-01-06 13:15:08
cve
cve
CVE-2021-44878
2022-01-06 13:15:08
cvelist
cvelist
CVE-2021-44878
2022-01-06 12:52:04
nvd
nvd
CVE-2021-44878
2022-01-06 13:15:08

0.002 Low

EPSS

Percentile

53.0%

JSON
Related for CNVD-2022-09804
veracode1github1ibm2prion1osv2cve1cvelist1nvd1