Lucene search
K

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2020/06/03 8:30 a.m.61 views

Security Bulletin: Three vulnerabilities in Nimbus JOSE+JWT affect IBM Spectrum Conductor

Summary There are three vulnerabilities in Nimbus JOSE+JWT 3.1.2 used by IBM Spectrum Conductor 2.4.1, IBM Spectrum Conductor 2.4.0 and IBM Spectrum Conductor 2.3.0. IBM Spectrum Conductor 2.4.1, IBM Spectrum Conductor 2.4.0 and IBM Spectrum Conductor 2.3 have addressed the applicable CVEs...

7.5CVSS1AI score0.01256EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/04/17 8:4 a.m.38 views

Security Bulletin: Multiple vulnerabilities in Nimbus-JOSE-JWT affect IBM Spectrum Symphony

Summary Multiple vulnerabilities exist in the Nimbus-JOSE-JWT used by IBM Spectrum Symphony V7.3 and V7.2.1. Interim fixes that provide instructions on upgrading the nimbus-jose-jwt package to version 8.10 are available on IBM Fix Central. Vulnerability Details CVEID: CVE-2017-12974 DESCRIPTION:...

7.5CVSS0.9AI score0.01256EPSS
Exploits1Affected Software1
OSV
OSV
added 2018/06/04 7:29 p.m.16 views

CVE-2017-16007

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption JOSE for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key...

5.9CVSS5.9AI score
Exploits0References4
CVE
CVE
added 2018/06/04 7:0 p.m.64 views

CVE-2017-16007

CVE-2017-16007 affects the node-jose library prior to 0.9.3, where JWE with ECDH-ES can permit an invalid-curve attack and allow recovery of the private key. The vulnerability is described across NVD, OSV, GHSA, and IBM advisories, which also recommend upgrading to 0.9.3 or later as the remediati...

5.9CVSS5.8AI score0.00928EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder