4 matches found
Security Bulletin: IBM Security Verify Access is vulnerable to execute arbitrary code due to jsr-sasign component. [CVE-2022-25898]
Summary jsr-sasign is used by IBM Security Verify Access product. This has been fixed by updating the version used by IBM Security Verify Access. CVE-2022-25898 Vulnerability Details CVEID:CVE-2022-25898 DESCRIPTION: Node.js jsrsasign module could allow a remote attacker to execute arbitrary code...
CVE-2022-25898
The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has...
CVE-2022-25898 Improper Verification of Cryptographic Signature
The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has...
CVE-2022-25898
The CVE-2022-25898 entry concerns the jsrsasign library (pre-10.5.25) where JWS/JWT signatures with non Base64URL-encoded or escaped characters may be validated as valid. Affected component: jsrsasign; root cause: improper verification of cryptographic signatures. Impact (per sources): potential ...