13 matches found
Security Bulletin: Multiple vulnerabilities in jsonwebtoken package affects Data Replication on Cloud Pak for Data
Summary Multiple vulnerabilities in jsonwebtoken package used in Data Replication on Cloud Pak for Data was addressed. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to bypassing of security restrictions due to [CVE-2022-23539], [CVE-2022-23540] and [CVE-2022-23541]
Summary Node.js module Auth0 jsonwebtoken is used by IBM App Connect Enterprise Certified Container for generating, parsing and verifying JWTs. IBM App Connect Enterprise Certified Container operands may be vulnerable to bypassing of security restrictions. This bulletin provides patch information...
Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update
Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
Security Bulletin: IBM Security Verify Information Queue has multiple third-party library vulnerabilities
Summary IBM Security Verify Information Queue ISIQ v10.0.5 has remediated vulnerabilities in the third-party libraries that it uses. Vulnerability Details CVEID:CVE-2022-41946 DESCRIPTION: Postgresql JDBC could allow a local authenticated attacker to obtain sensitive information, caused by not...
Security Bulletin: IBM Event Streams is affected by vulnerabilities in the jsonwebtoken package (CVE-2022-23529, CVE-2022-23539, CVE-2022-23540, CVE-2022-23541)
Summary These security vulnerabilities affect jsonwebtoken that is used by the IBM Event Streams UI component. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure implementati...
Security Bulletin: Maximo Application Suite uses jsonwebtoken package which is vulnerable to CVE-2022-23541, CVE-2022-23539, CVE-2022-23529 and CVE-2022-23540
Summary There are four vulnerabilities in jsonwebtoken-8.5.1.tgz used by IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure implementation of ke...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in jsonwebtoken
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in jsonwebtoken with details below. Vulnerability Details CVEID:CVE-2022-23540 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass securit...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by a vulnerability in JSON Web Token
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of JSON Web Token. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure...
Security Bulletin: Vulnerabilities in jsonwebtoken affects IBM Watson Assistant for IBM Cloud Pak for Data
Summary Potential vulnerabilities in Jsonwebtoken has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacke...
Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to jsonwebtoken CVEs
Summary There are multiple vulnerabilities in JSON Web Token implementation used by IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoke...
CVE-2022-23540
In versions =8.5.1 of jsonwebtoken library, lack of algorithm definition in the jwt.verify function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification. Users are affected if you do not specify algorithms in the jwt.verify function. This issu...
CVE-2022-23540 jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
In versions =8.5.1 of jsonwebtoken library, lack of algorithm definition in the jwt.verify function can lead to signature validation bypass due to defaulting to the none algorithm for signature verification. Users are affected if you do not specify algorithms in the jwt.verify function. This issu...
CVE-2022-23540
CVE-2022-23540 affects the jsonwebtoken library. In versions