75 matches found

IBM Security Bulletins
added 2026/06/12 6:54 p.m. | 8 views

Security Bulletin: Security Vulnerability in Nimbus Jose JWT Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2025-53864)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability in Nimbus Jose JWT Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a...

5.8 CVSS | 6.2 AI score | 0.00806 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2026/05/25 5:13 p.m. | 13 views

Security Bulletin: A nimbus-jose-jwt-9.37.3.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in nimbus-jose-jwt-9.37.3.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before...

5.8 CVSS | 6.8 AI score | 0.00806 EPSS
Exploits 0 | Affected Software 1
Atlassian
added 2026/02/25 6:29 p.m. | 21 views

DoS (Denial of Service) com.nimbusds:nimbus-jose-jwt Dependency in Crucible Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 4.8.0, 4.9.0 of Crucible Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker...

7.5 CVSS | 5.8 AI score | 0.00814 EPSS
Exploits 0
IBM Security Bulletins
added 2025/11/07 2:21 p.m. | 7 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Connect2id Nimbus JOSE + JWT (CVE-2025-53864)

Summary A vulnerability in Connect2id Nimbus JOSE + JWT that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of...

5.8 CVSS | 6.8 AI score | 0.00806 EPSS
Exploits 0 | Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. | 8 views

EUVD-2022-4350

Malicious code in bioql PyPI...

4.3 CVSS | 4.3 AI score | 0.00637 EPSS
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-2037

Malicious code in bioql PyPI...

7.5 CVSS | 7.7 AI score | 0.00888 EPSS
Exploits 0 | References 6
EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2022-4754

Malicious code in bioql PyPI...

7.5 CVSS | 7.7 AI score | 0.01256 EPSS
Exploits 0 | References 7
IBM Security Bulletins
added 2025/09/23 7:25 a.m. | 12 views

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Nimbus JOSE+JWT library which is vulnerable to CVE-2025-53864

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Nimbus JOSE+JWT library which is vulnerable to CVE-2025-53864. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbu...

5.8 CVSS | 7 AI score | 0.00806 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2025/09/20 11:27 a.m. | 6 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in nimbus-jose-jwt-9.24.4.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of nimbus-jose-jwt-9.24.4.jar Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header valu...

7.5 CVSS | 6.5 AI score | 0.00814 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2025/09/02 6:53 p.m. | 8 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by an Uncontrolled Recursion Vulnerability in Connect2id Nimbus JOSE + JWT (CVE-2025-53864)

Summary Connect2id Nimbus JOSE + JWT is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of integrating with OpenID Connect providers OIDC and is affected by an Uncontrolled Recursion Vulnerability. CVE-2025-53864. Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id...

5.8 CVSS | 6.5 AI score | 0.00806 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2025/09/01 11:7 a.m. | 8 views

Security Bulletin: Due to use of Connect2id Nimbus JOSE+JWT, IBM Watson Studio in Cloud Pak for Data is affected by denial of service

Summary Connect2id Nimbus JOSE+JWT is used by Watson Studio in Cloud Pak for Data. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration cou...

7.5 CVSS | 7.9 AI score | 0.00814 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2025/08/04 6:37 a.m. | 7 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - In Connect2id Nimbus JOSE+JWT, an attacker can cause a denial of service

Summary Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user requests by the PasswordBasedDecrypter PBKDF2 component. By sending a specially crafted request using a large JWE p2c header, a remote attacker could exploit this vulnerability to cause ...

7.5 CVSS | 6 AI score | 0.00814 EPSS
Exploits 0 | Affected Software 1
OSV
added 2025/07/11 3:30 a.m. | 2 views

GHSA-XWMG-2G98-W7V9 Nimbus JOSE + JWT is vulnerable to DoS attacks when processing deeply nested JSON

Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the...

5.8 CVSS | 6.9 AI score | 0.00806 EPSS
Exploits 0 | References 7
OSV
added 2025/07/11 3:16 a.m. | 9 views

CVE-2025-53864

Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2i...

5.8 CVSS | 7 AI score | 0.00806 EPSS
Exploits 0 | References 5
OSV
added 2025/07/11 3:16 a.m. | 5 views

UBUNTU-CVE-2025-53864

Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2i...

5.8 CVSS | 6.9 AI score | 0.00806 EPSS
Exploits 0 | References 5
Snyk
added 2025/07/11 2:45 a.m. | 5 views

Uncontrolled Recursion

Overview com.nimbusds:nimbus-jose-jwt is a library for JSON Web Tokens JWT Affected versions of this package are vulnerable to Uncontrolled Recursion due to the improper handling JWT claim sets containing deeply nested JSON objects. An attacker can cause application downtime or resource exhaustio...

6.9 CVSS | 6.9 AI score | 0.00806 EPSS
Exploits 0 | References 2
Positive Technologies
added 2025/07/11 12:0 a.m. | 3 views

PT-2025-29195

Name of the Vulnerable Software and Affected Versions: Connect2id Nimbus JOSE + JWT versions prior to 10.0.2 Description: The software is susceptible to a denial-of-service condition triggered by a deeply nested JSON object within a JWT claim set. This occurs due to uncontrolled recursion during...

5.8 CVSS | 7.3 AI score | 0.00806 EPSS
Exploits 0 | References 16
CNNVD
added 2025/07/11 12:0 a.m. | 5 views

Connect2id Nimbus JOSE + JWT Security Vulnerability

Connect2id Nimbus JOSE + JWT is a Java library from Connect2id. A security vulnerability exists in Connect2id Nimbus JOSE + JWT versions prior to 10.0.2, which stems from improper handling of nested JSON objects and could lead to a denial of service attack...

5.8 CVSS | 6.5 AI score | 0.00806 EPSS
Exploits 0 | References 8
Vulnrichment
added 2025/07/11 12:0 a.m. | 6 views

CVE-2025-53864

Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2i...

5.8 CVSS | 6.9 AI score | 0.00806 EPSS
Exploits 0 | References 5
RedhatCVE
added 2025/05/22 6:59 a.m. | 13 views

CVE-2017-12973

Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack...

4.3 CVSS | 6.5 AI score | 0.00637 EPSS
Exploits 0 | References 1