Lucene search
K

12 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/11/07 9:50 p.m.36 views

Security Bulletin: Multiple vulnerabilities in jsonwebtoken package affects Data Replication on Cloud Pak for Data

Summary Multiple vulnerabilities in jsonwebtoken package used in Data Replication on Cloud Pak for Data was addressed. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure...

8.1CVSS7.2AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/28 3:32 p.m.45 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to bypassing of security restrictions due to [CVE-2022-23539], [CVE-2022-23540] and [CVE-2022-23541]

Summary Node.js module Auth0 jsonwebtoken is used by IBM App Connect Enterprise Certified Container for generating, parsing and verifying JWTs. IBM App Connect Enterprise Certified Container operands may be vulnerable to bypassing of security restrictions. This bulletin provides patch information...

8.1CVSS6.6AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/16 4:18 p.m.27 views

Security Bulletin: IBM Security Verify Information Queue has multiple third-party library vulnerabilities

Summary IBM Security Verify Information Queue ISIQ v10.0.5 has remediated vulnerabilities in the third-party libraries that it uses. Vulnerability Details CVEID:CVE-2022-41946 DESCRIPTION: Postgresql JDBC could allow a local authenticated attacker to obtain sensitive information, caused by not...

8.8CVSS9.4AI score0.95302EPSS
Exploits14Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/04/04 7:11 a.m.80 views

Security Bulletin: IBM Event Streams is affected by vulnerabilities in the jsonwebtoken package (CVE-2022-23529, CVE-2022-23539, CVE-2022-23540, CVE-2022-23541)

Summary These security vulnerabilities affect jsonwebtoken that is used by the IBM Event Streams UI component. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure implementati...

8.1CVSS7.5AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/27 8:8 p.m.57 views

Security Bulletin: Maximo Application Suite uses jsonwebtoken package which is vulnerable to CVE-2022-23541, CVE-2022-23539, CVE-2022-23529 and CVE-2022-23540

Summary There are four vulnerabilities in jsonwebtoken-8.5.1.tgz used by IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure implementation of ke...

8.1CVSS7.5AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/03 3:36 p.m.33 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in jsonwebtoken

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in jsonwebtoken with details below. Vulnerability Details CVEID:CVE-2022-23540 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass securit...

8.1CVSS6.6AI score0.00753EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/24 1:19 p.m.62 views

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by a vulnerability in JSON Web Token

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of JSON Web Token. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacker to bypass security restrictions, caused by an insecure...

8.1CVSS7.2AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/21 7:11 p.m.35 views

Security Bulletin: Vulnerabilities in jsonwebtoken affects IBM Watson Assistant for IBM Cloud Pak for Data

Summary Potential vulnerabilities in Jsonwebtoken has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoken could allow a remote authenticated attacke...

8.1CVSS7.5AI score0.00753EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/17 7:47 a.m.39 views

Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to jsonwebtoken CVEs

Summary There are multiple vulnerabilities in JSON Web Token implementation used by IBM Decision Optimization in IBM Cloud Pak for Data. IBM Decision Optimization in IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-23541 DESCRIPTION: Auth0 jsonwebtoke...

8.1CVSS7.5AI score0.00753EPSS
Exploits0Affected Software1
NVD
NVD
added 2022/12/22 6:15 p.m.23 views

CVE-2022-23541

jsonwebtoken is an implementation of JSON Web Tokens. Versions = 8.5.1 of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function referring to the secretOrPublicKey argument from the readme link will result in incorrect verification of tokens. There i...

6.3CVSS0.00753EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/12/22 5:52 p.m.24 views

CVE-2022-23541 jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC

jsonwebtoken is an implementation of JSON Web Tokens. Versions = 8.5.1 of jsonwebtoken library can be misconfigured so that passing a poorly implemented key retrieval function referring to the secretOrPublicKey argument from the readme link will result in incorrect verification of tokens. There i...

5CVSS6.4AI score0.00753EPSS
Exploits0References4
CVE
CVE
added 2022/12/22 5:52 p.m.216 views

CVE-2022-23541

CVE-2022-23541 affects jsonwebtoken library (

6.3CVSS5.8AI score0.00753EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder