4 matches found

IBM Security Bulletins
added 2020/06/03 8:30 a.m. | 61 views

Security Bulletin: Three vulnerabilities in Nimbus JOSE+JWT affect IBM Spectrum Conductor

Summary: There are three vulnerabilities in Nimbus JOSE+JWT 3.1.2 used by IBM Spectrum Conductor 2.4.1, IBM Spectrum Conductor 2.4.0 and IBM Spectrum Conductor 2.3.0. IBM Spectrum Conductor 2.4.1, IBM Spectrum Conductor 2.4.0 and IBM Spectrum Conductor 2.3 have addressed the applicable CVEs...

CVSS 7.5 | AI score 1 | EPSS 0.01256
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2020/04/17 8:4 a.m. | 38 views

Security Bulletin: Multiple vulnerabilities in Nimbus-JOSE-JWT affect IBM Spectrum Symphony

Summary: Multiple vulnerabilities exist in the Nimbus-JOSE-JWT used by IBM Spectrum Symphony V7.3 and V7.2.1. Interim fixes that provide instructions on upgrading the nimbus-jose-jwt package to version 8.10 are available on IBM Fix Central. Vulnerability Details: CVEID: CVE-2017-12974 DESCRIPTION:...

CVSS 7.5 | AI score 0.9 | EPSS 0.01256
Exploits: 1 | Affected Software: 1
OSV
added 2017/08/20 4:29 p.m. | 19 views

CVE-2017-12974

Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation...

CVSS 7.5 | AI score 6.6
Exploits: 0 | References: 4
CVE
added 2017/08/20 4:0 p.m. | 88 views

CVE-2017-12974

CVE-2017-12974 is a confirmed Nimbus JOSE+JWT vulnerability where ECKey construction proceeds without validating that public x/y coordinates lie on the specified curve, enabling an Invalid Curve Attack in environments lacking curve validation. Connected documents confirm this issue across multipl...

CVSS 7.5 | AI score 7.3 | EPSS 0.01256
Exploits: 0 | References: 4 | Affected Software: 1