4 matches found
Security Bulletin: Three vulnerabilities in Nimbus JOSE+JWT affect IBM Spectrum Conductor
Summary: There are three vulnerabilities in Nimbus JOSE+JWT 3.1.2 used by IBM Spectrum Conductor 2.4.1, IBM Spectrum Conductor 2.4.0 and IBM Spectrum Conductor 2.3.0. IBM Spectrum Conductor 2.4.1, IBM Spectrum Conductor 2.4.0 and IBM Spectrum Conductor 2.3 have addressed the applicable CVEs...
Security Bulletin: Multiple vulnerabilities in Nimbus-JOSE-JWT affect IBM Spectrum Symphony
Summary: Multiple vulnerabilities exist in the Nimbus-JOSE-JWT used by IBM Spectrum Symphony V7.3 and V7.2.1. Interim fixes that provide instructions on upgrading the nimbus-jose-jwt package to version 8.10 are available on IBM Fix Central. Vulnerability Details: CVEID: CVE-2017-12974 DESCRIPTION:...
CVE-2017-16007
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key...
CVE-2017-16007
CVE-2017-16007 affects the node-jose library prior to 0.9.3, where JWE with ECDH-ES can permit an invalid-curve attack and allow recovery of the private key. The vulnerability is described across NVD, OSV, GHSA, and IBM advisories, which also recommend upgrading to 0.9.3 or later as the remediati...