Security Bulletin: A nimbus-jose-jwt-9.37.3.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in nimbus-jose-jwt-9.37.3.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before...

DoS (Denial of Service) com.nimbusds:nimbus-jose-jwt Dependency in Crucible Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 4.8.0, 4.9.0 of Crucible Data Center and Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker...

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Connect2id Nimbus JOSE + JWT (CVE-2025-53864)

Summary A vulnerability in Connect2id Nimbus JOSE + JWT that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of...

EUVD-2022-4754

Malicious code in bioql PyPI...

Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Nimbus JOSE+JWT library which is vulnerable to CVE-2025-53864

Summary Security Bulletin: IBM Maximo Application Suite Ai-Service Component uses Nimbus JOSE+JWT library which is vulnerable to CVE-2025-53864. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id Nimbu...

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in nimbus-jose-jwt-9.24.4.jar

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of nimbus-jose-jwt-9.24.4.jar Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header valu...

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by an Uncontrolled Recursion Vulnerability in Connect2id Nimbus JOSE + JWT (CVE-2025-53864)

Summary Connect2id Nimbus JOSE + JWT is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of integrating with OpenID Connect providers OIDC and is affected by an Uncontrolled Recursion Vulnerability. CVE-2025-53864. Vulnerability Details CVEID:CVE-2025-53864 DESCRIPTION: Connect2id...

Security Bulletin: Due to use of Connect2id Nimbus JOSE+JWT, IBM Watson Studio in Cloud Pak for Data is affected by denial of service

Summary Connect2id Nimbus JOSE+JWT is used by Watson Studio in Cloud Pak for Data. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration cou...

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - In Connect2id Nimbus JOSE+JWT, an attacker can cause a denial of service

Summary Connect2id Nimbus-JOSE-JWT is vulnerable to a denial of service, caused by improper validation of user requests by the PasswordBasedDecrypter PBKDF2 component. By sending a specially crafted request using a large JWE p2c header, a remote attacker could exploit this vulnerability to cause ...

CVE-2025-53864

Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2i...

UBUNTU-CVE-2025-53864

Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2i...

Uncontrolled Recursion

Overview com.nimbusds:nimbus-jose-jwt is a library for JSON Web Tokens JWT Affected versions of this package are vulnerable to Uncontrolled Recursion due to the improper handling JWT claim sets containing deeply nested JSON objects. An attacker can cause application downtime or resource exhaustio...

CVE-2025-53864

Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2i...

Connect2id Nimbus JOSE + JWT 安全漏洞

Connect2id Nimbus JOSE + JWT is a Java library from Connect2id. A security vulnerability exists in Connect2id Nimbus JOSE + JWT versions prior to 10.0.2, which stems from improper handling of nested JSON objects and could lead to a denial of service attack...

CVE-2017-12973

Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics

Summary IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin. Vulnerability Details CVEID:CVE-2017-12973 DESCRIPTION: Connect2id Nimbus JOSE+JWT could provide...

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Nimbus-JOSE-JWT

Summary A vulnerability has been identified in Nimbus-JOSE-JWT-7.9, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2023-52428 DESCRIPTION: Connect2id...

nimbus-jose-jwt: large JWE p2c header value causes Denial of Service

A vulnerability was found in the Nimbus Jose JWT package. By crafting a JWE with an excessively large p2c value, an attacker can trigger significant resource consumption during decryption, potentially leading to application slowdown or unavailability...

Atlassian Confluence 7.19.x < 7.19.23 / 7.20.x < 8.5.11 / 8.6.x < 8.6.2 / 8.7.x < 8.7.2 / 8.8.x < 8.9.3 (CONFSERVER-98231)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-98231 advisory. - In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka...

nimbus-jose-jwt: large JWE p2c header value causes Denial of Service

A vulnerability was found in the Nimbus Jose JWT package. By crafting a JWE with an excessively large p2c value, an attacker can trigger significant resource consumption during decryption, potentially leading to application slowdown or unavailability...