Lucene search
K

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/11/08 4:8 p.m.118 views

Security Bulletin: IBM Security Verify Access is vulnerable to execute arbitrary code due to jsr-sasign component. [CVE-2022-25898]

Summary jsr-sasign is used by IBM Security Verify Access product. This has been fixed by updating the version used by IBM Security Verify Access. CVE-2022-25898 Vulnerability Details CVEID:CVE-2022-25898 DESCRIPTION: Node.js jsrsasign module could allow a remote attacker to execute arbitrary code...

9.8CVSS9AI score0.01096EPSS
Exploits1Affected Software1
NVD
NVD
added 2022/07/01 8:15 p.m.52 views

CVE-2022-25898

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has...

9.8CVSS0.01096EPSS
Exploits1References6
CVE
CVE
added 2022/07/01 8:2 p.m.97 views

CVE-2022-25898

The CVE-2022-25898 entry concerns the jsrsasign library (pre-10.5.25) where JWS/JWT signatures with non Base64URL-encoded or escaped characters may be validated as valid. Affected component: jsrsasign; root cause: improper verification of cryptographic signatures. Impact (per sources): potential ...

9.8CVSS8.7AI score0.01096EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2022/07/01 8:2 p.m.48 views

CVE-2022-25898 Improper Verification of Cryptographic Signature

The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT signature with non Base64URL encoding special characters or number escaped characters may be validated as valid by mistake. Workaround: Validate JWS or JWT signature if it has...

7.7CVSS9.7AI score0.01096EPSS
Exploits1References6
Rows per page
Query Builder