8 matches found
Security Bulletin: Vulnerability in jjwt may affect IBM Business Automation Workflow - CVE-2024-31033
Summary IBM Business Automation Workflow packages a vulnerable copy of jjwt. Vulnerability Details CVEID:CVE-2024-31033 DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT aka Java JWT has an unknown impact and attack vector. CVSS Base score: 6.8 CVSS Temporal Score:...
CVE-2024-31033
JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey method within the DefaultJwtParser class and the signWith method within the DefaultJwtBuilder class. NOTE: the vendor disputes thi...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in JWT
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of JWT Vulnerability Details CVEID:CVE-2024-31033 DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT aka Java JWT has an unknown impact and attack vector. CWE:CWE-327: Use of a Broken or Risky...
Security Bulletin: IBM Sterling Connect:Direct Web Service is affected by Java JWT vulnerability
Summary IBM Sterling Connect:Direct Web Service is vulnerable to JJWT version 0.9.1. Connect:Direct Web Services has upgraded to version 0.12.5 to address CVE-2024-31033. Vulnerability Details CVEID:CVE-2024-31033 DESCRIPTION: An unspecified error with ignoring certain characters in jwtk JJWT aka...
CVE-2024-31033
JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey method within the DefaultJwtParser class and the signWith method within the DefaultJwtBuilder class. NOTE: the vendor disputes thi...
CVE-2024-31033
CVE-2024-31033 concerns the JJWT (Java JWT) library up to version 0.12.5, where an issue in signing/verification could lead a user to falsely believe a key is strong due to ignored characters in signing operations (setSigningKey in DefaultJwtParser and signWith in DefaultJwtBuilder). IBM and Red ...
CVE-2024-31033
JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey method within the DefaultJwtParser class and the signWith method within the DefaultJwtBuilder class. NOTE: the vendor disputes thi...
CVE-2024-31033
JJWT aka Java JWT through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey method within the DefaultJwtParser class and the signWith method within the DefaultJwtBuilder class. NOTE: the vendor disputes thi...