Security Bulletin: IBM Operational Decision Manager for April 2026 - Multiple CVEs addressed

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Operational Decision Manager Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS conditio...

Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty was affected by denial of service due to jose4j (CVE-2024-29371)

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty was affected by denial of service due to jose4j CVE-2024-29371. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

IBM MQ DoS (7271937)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7271937 advisory. - In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high...

Security Bulletin: WebSphere Application Server Liberty is affected by a denial of service due to jose4j used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2024-29371)

Summary WebSphere Application Server Liberty is affected by a denial of service due to jose4j used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a denial of service due to jose4j which is vulnerable to CVE-2024-29371.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty is affected by a denial of service due to jose4j which is vulnerable to CVE-2024-29371. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2024-29371...

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty may be affected by a denial of service due to jose4j (CVE-2024-29371)

Summary There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and WebSphere Application Server Liberty. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test...

Security Bulletin: jose4j JWE Decompression DoS Vulnerability (Fixed in 0.9.6), affects watsonx.data

Summary n jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time...

DoS (Denial of Service) org.bitbucket.b_c:jose4j Dependency in Confluence Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.2.14, 9.3.1, 9.4.0, 9.5.1, and 10.2.3 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

Security Bulletin: IBM Content Navigator is affected by Jose4J

Summary IBM Content Navigator is affected by CVE-2023-51775, an Uncontrolled Resource Consumption vulnerability CWE-400 in the jose4j library prior to version 0.9.4. An attacker can trigger excessive CPU consumption and denial of service by supplying a large PBES2 iteration count p2c parameter in...

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, are bundled with WebSphere Remote Server, are affected by a denial of service due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and IBM WebSphere Application Server Liberty has been published in a security...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak For Applications, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak For Applications, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...

Security Bulletin: IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service

Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager CVE-2024-29371 Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS...

IBM WebSphere Application Server 8.5.5.3 < 8.5.5.30 / 9.x < 9.0.5.27 / Liberty 21.0.0.3 < 26.0.0.3 DoS (7261794)

The version of IBM WebSphere Application Server running on the remote host is affected by a DoS vulnerability as referenced in the 7261794 advisory. - In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an...

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is affected by a denial of service due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management JazzSM is affected by a denial of service due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|-...

Denial Of Service (DoS)

org.bitbucket.bc:jose4j is vulnerable to a Denial-of-Service DoS. The vulnerability is due to improper handling of highly compressed JSON Web Encryption JWE tokens, which allows an attacker to supply a malicious token with an excessive compression ratio that triggers significant memory allocation...