5 matches found
Security Bulletin: IBM Event Streams is vulnerable to Weak Encryption (CVE-2025-45767)
Summary IBM Event Streams is vulnerable to weak encryption due to the JOSE library. JOSE is used for JSON Object Signing and Encryption in token-based authentication. Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is...
Security Bulletin: IBM Maximo Application Suite uses jose-2.0.7.tgz, protobuf-3.20.3-py2.py3-none-any.whl and codemirror-6.0.1.tgz which is vulnerable to CVE-2025-45767, CVE-2025-4565 and CVE-2025-6493.
Summary IBM Maximo Application Suite uses jose-2.0.7.tgz, protobuf-3.20.3-py2.py3-none-any.whl and codemirror-6.0.1.tgz which is vulnerable to CVE-2025-45767, CVE-2025-4565 and CVE-2025-6493. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...
CVE-2025-45767
jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security standards" does not reflect guidance in a final publication...
CVE-2025-45767
CVE-2025-45767: jose v6.0.10 is associated with weak encryption. The Connected IBM bulletins confirm this CVE across IBM Concert/Events/Watsonx contexts and recommend upgrading to newer Jose-bearing releases (e.g., IBM Event Streams 12.1.0; IBM watsonx Cartridges 5.3.0 or later; IBM Concert Softw...
CVE-2025-45767
jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security standards" does not reflect guidance in a final publication...