Lucene search
K

13 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/11/07 9:50 p.m.36 views

Security Bulletin: Multiple vulnerabilities in jsonwebtoken package affects Data Replication on Cloud Pak for Data

Summary Multiple vulnerabilities in jsonwebtoken package used in Data Replication on Cloud Pak for Data was addressed. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure...

8.1CVSS7.2AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 3:32 p.m.45 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to bypassing of security restrictions due to [CVE-2022-23539], [CVE-2022-23540] and [CVE-2022-23541]

Summary Node.js module Auth0 jsonwebtoken is used by IBM App Connect Enterprise Certified Container for generating, parsing and verifying JWTs. IBM App Connect Enterprise Certified Container operands may be vulnerable to bypassing of security restrictions. This bulletin provides patch information...

8.1CVSS6.6AI score0.00753EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2023/06/21 3:22 p.m.69 views

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update

Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

9.1CVSS6.8AI score0.24928EPSS
Exploits10References200
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/16 4:18 p.m.27 views

Security Bulletin: IBM Security Verify Information Queue has multiple third-party library vulnerabilities

Summary IBM Security Verify Information Queue ISIQ v10.0.5 has remediated vulnerabilities in the third-party libraries that it uses. Vulnerability Details CVEID:CVE-2022-41946 DESCRIPTION: Postgresql JDBC could allow a local authenticated attacker to obtain sensitive information, caused by not...

8.8CVSS9.4AI score0.95302EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/04 7:11 a.m.80 views

Security Bulletin: IBM Event Streams is affected by vulnerabilities in the jsonwebtoken package (CVE-2022-23529, CVE-2022-23539, CVE-2022-23540, CVE-2022-23541)

Summary These security vulnerabilities affect jsonwebtoken that is used by the IBM Event Streams UI component. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure implementati...

8.1CVSS7.5AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/27 8:8 p.m.57 views

Security Bulletin: Maximo Application Suite uses jsonwebtoken package which is vulnerable to CVE-2022-23541, CVE-2022-23539, CVE-2022-23529 and CVE-2022-23540

Summary There are four vulnerabilities in jsonwebtoken-8.5.1.tgz used by IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure implementation of ke...

8.1CVSS7.5AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/03 3:36 p.m.33 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in jsonwebtoken

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in jsonwebtoken with details below. Vulnerability Details CVEID:CVE-2022-23540 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass securit...

8.1CVSS6.6AI score0.00753EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/24 1:19 p.m.62 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by a vulnerability in JSON Web Token

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of JSON Web Token. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure...

8.1CVSS7.2AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/21 7:11 p.m.35 views

Security Bulletin: Vulnerabilities in jsonwebtoken affects IBM Watson Assistant for IBM Cloud Pak for Data

Summary Potential vulnerabilities in Jsonwebtoken has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacke...

8.1CVSS7.5AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/17 7:47 a.m.39 views

Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to jsonwebtoken CVEs

Summary There are multiple vulnerabilities in JSON Web Token implementation used by IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoke...

8.1CVSS7.5AI score0.00753EPSS
Exploits0Affected Software1
NVD
NVD
added 2022/12/22 7:15 p.m.23 views

CVE-2022-23540

In versions =8.5.1 of jsonwebtoken library, lack of algorithm definition in the jwt.verify function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification. Users are affected if you do not specify algorithms in the jwt.verify function. This issu...

7.6CVSS0.00532EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/12/22 6:2 p.m.19 views

CVE-2022-23540 jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()

In versions =8.5.1 of jsonwebtoken library, lack of algorithm definition in the jwt.verify function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification. Users are affected if you do not specify algorithms in the jwt.verify function. This issu...

6.4CVSS7AI score0.00532EPSS
Exploits0References3
CVE
CVE
added 2022/12/22 6:2 p.m.255 views

CVE-2022-23540

CVE-2022-23540 affects the jsonwebtoken library. In versions

7.6CVSS7AI score0.00532EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder