Lucene search
+L

8 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/06/04 9:15 a.m.28 views

Security Bulletin: Vulnerability in jjwt may affect IBM Business Automation Workflow - CVE-2024-31033

Summary IBM Business Automation Workflow packages a vulnerable copy of jjwt. Vulnerability Details CVEID:CVE-2024-31033 DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT aka Java JWT has an unknown impact and attack vector. CVSS Base score: 6.8 CVSS Temporal Score:...

6.8CVSS6.6AI score0.00776EPSS
Exploits0Affected Software2
RedhatCVE
RedhatCVE
added 2025/05/23 7:39 a.m.13 views

CVE-2024-31033

JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey method within the DefaultJwtParser class and the signWith method within the DefaultJwtBuilder class. NOTE: the vendor disputes thi...

6.8CVSS7.1AI score0.00776EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/26 6:46 p.m.9 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in JWT

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of JWT Vulnerability Details CVEID:CVE-2024-31033 DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT aka Java JWT has an unknown impact and attack vector. CWE:CWE-327: Use of a Broken or Risky...

6.8CVSS6.4AI score0.00776EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/09 5:50 a.m.26 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is affected by Java JWT vulnerability

Summary IBM Sterling Connect:Direct Web Service is vulnerable to JJWT version 0.9.1. Connect:Direct Web Services has upgraded to version 0.12.5 to address CVE-2024-31033. Vulnerability Details CVEID:CVE-2024-31033 DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT aka...

6.8CVSS6.8AI score0.00776EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/04/01 2:15 a.m.14 views

CVE-2024-31033

JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey method within the DefaultJwtParser class and the signWith method within the DefaultJwtBuilder class. NOTE: the vendor disputes thi...

6.8CVSS8.8AI score0.00776EPSS
Exploits0References4
CVE
CVE
added 2024/04/01 12:0 a.m.862 views

CVE-2024-31033

CVE-2024-31033 concerns the JJWT (Java JWT) library up to version 0.12.5, where an issue in signing/verification could lead a user to falsely believe a key is strong due to ignored characters in signing operations (setSigningKey in DefaultJwtParser and signWith in DefaultJwtBuilder). IBM and Red ...

6.8CVSS6.9AI score0.00776EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/04/01 12:0 a.m.28 views

CVE-2024-31033

JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey method within the DefaultJwtParser class and the signWith method within the DefaultJwtBuilder class. NOTE: the vendor disputes thi...

7AI score0.00776EPSS
Exploits0References4
OSV
OSV
added 2024/04/01 12:0 a.m.61 views

CVE-2024-31033

JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey method within the DefaultJwtParser class and the signWith method within the DefaultJwtBuilder class. NOTE: the vendor disputes thi...

6.8CVSS7AI score0.00776EPSS
Exploits0References6
Rows per page
Query Builder