Lucene search
K

13 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/11/07 9:50 p.m.36 views

Security Bulletin: Multiple vulnerabilities in jsonwebtoken package affects Data Replication on Cloud Pak for Data

Summary Multiple vulnerabilities in jsonwebtoken package used in Data Replication on Cloud Pak for Data was addressed. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure...

8.1CVSS7.2AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/16 4:18 p.m.27 views

Security Bulletin: IBM Security Verify Information Queue has multiple third-party library vulnerabilities

Summary IBM Security Verify Information Queue ISIQ v10.0.5 has remediated vulnerabilities in the third-party libraries that it uses. Vulnerability Details CVEID:CVE-2022-41946 DESCRIPTION: Postgresql JDBC could allow a local authenticated attacker to obtain sensitive information, caused by not...

8.8CVSS9.4AI score0.95302EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/04 7:11 a.m.80 views

Security Bulletin: IBM Event Streams is affected by vulnerabilities in the jsonwebtoken package (CVE-2022-23529, CVE-2022-23539, CVE-2022-23540, CVE-2022-23541)

Summary These security vulnerabilities affect jsonwebtoken that is used by the IBM Event Streams UI component. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure implementati...

8.1CVSS7.5AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/27 8:8 p.m.57 views

Security Bulletin: Maximo Application Suite uses jsonwebtoken package which is vulnerable to CVE-2022-23541, CVE-2022-23539, CVE-2022-23529 and CVE-2022-23540

Summary There are four vulnerabilities in jsonwebtoken-8.5.1.tgz used by IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure implementation of ke...

8.1CVSS7.5AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/24 1:19 p.m.62 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by a vulnerability in JSON Web Token

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of JSON Web Token. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure...

8.1CVSS7.2AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/21 7:11 p.m.35 views

Security Bulletin: Vulnerabilities in jsonwebtoken affects IBM Watson Assistant for IBM Cloud Pak for Data

Summary Potential vulnerabilities in Jsonwebtoken has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacke...

8.1CVSS7.5AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/17 7:47 a.m.39 views

Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to jsonwebtoken CVEs

Summary There are multiple vulnerabilities in JSON Web Token implementation used by IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoke...

8.1CVSS7.5AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/31 10:30 a.m.34 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to jsonwebtoken CVE-2022-23529

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to jsonwebtoken CVE-2022-23529 with details Vulnerability Details CVEID:CVE-2022-23529 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to execute arbitrary code on the...

8.3AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/01/13 12:0 a.m.76 views

Auth0 JsonWebtoken < 9.0.0 Arbitrary File Write (deprecated)

This plugin has been deprecated because CVE-2022-23529 has been rejected, and this is no longer considered a vulnerability %NASLMINLEVEL 80900 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2023/02/24. Deprecated because the asscociated CCVE was rejected. This is no longer considered a...

6.8AI score
Exploits0References2
hivepro
hivepro
added 2023/01/10 12:11 p.m.56 views

New Vulnerability Found in the JsonWebToken Open-Source Project

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A new high-severity vulnerability named CVE-2022-23529 has been discovered in the popular JsonWebToken open-source package. This vulnerability allows attackers to execute remote code on servers th...

5.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/10 8:54 a.m.172 views

Severe Security Flaw Found in "jsonwebtoken" Library Used by 22,000+ Projects

UPDATE: CVE-2022-23529 Retracted Following Review Auth0 and Unit 42 said they are formally retracting CVE-2022-23529 CVSS score: 7.6 based on the fact that several prerequisites are essential for exploitation. The cybersecurity company said "important security checks" have been added to fix the...

Exploits0
Circl
Circl
added 2022/12/22 12:13 a.m.8 views

CVE-2022-23529

creationtimestamp| type| source ---|---|--- 2022-12-22 00:13:06+00:00| seen| https://t.me/cibsecurity/55088 2023-01-10 09:57:13+00:00| seen| https://t.me/thehackernews/2935 2023-01-10 13:38:05+00:00| seen| https://t.me/truesecator/3917 2023-01-10 22:40:22+00:00| published-proof-of-concept|...

6.9AI score
Exploits0References16
CVE
CVE
added 2022/12/21 8:50 p.m.236 views

CVE-2022-23529

CVE-2022-23529 is rejected/not used and does not represent an active vulnerability entry.

9AI score
Exploits0
Rows per page
Query Builder