Lucene search
K

15 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.8 views

IBM MQ DoS (7271937)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7271937 advisory. - In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high...

7.5CVSS7.3AI score0.00244EPSS
Exploits1References2
Atlassian
Atlassian
added 2026/04/08 4:29 a.m.23 views

DoS (Denial of Service) org.bitbucket.b_c:jose4j Dependency in Confluence Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.2.14, 9.3.1, 9.4.0, 9.5.1, and 10.2.3 of Confluence Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS5.7AI score0.00244EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/12 6:9 a.m.4 views

Security Bulletin: IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service

Summary A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager CVE-2024-29371 Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS...

7.5CVSS5.7AI score0.00244EPSS
Exploits1Affected Software1
Veracode
Veracode
added 2026/02/26 9:3 a.m.5 views

Denial Of Service (DoS)

org.bitbucket.bc:jose4j is vulnerable to a Denial-of-Service DoS. The vulnerability is due to improper handling of highly compressed JSON Web Encryption JWE tokens, which allows an attacker to supply a malicious token with an excessive compression ratio that triggers significant memory allocation...

7.5CVSS6AI score0.00244EPSS
Exploits1References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/09 3:40 p.m.10 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Denial-of-Service (DoS) due to use of jose4j library

Summary jose.4.j library in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the secure token-based authentication and encryption mechanisms. CVE-2024-29371. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.5, an attacker can cause a...

7.5CVSS6.8AI score0.00244EPSS
Exploits1Affected Software1
NVD
NVD
added 2025/12/17 4:16 p.m.6 views

CVE-2024-29371

In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...

7.5CVSS0.00244EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2024/10/14 6:1 p.m.5 views

jose4j: denial of service via specially crafted JWE

A flaw was found in the jose.4.j jose4j library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...

6.5CVSS7.1AI score0.00879EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/07/25 3:4 p.m.4 views

jose4j: denial of service via specially crafted JWE

A flaw was found in the jose.4.j jose4j library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...

6.5CVSS7.1AI score0.00879EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/07/08 10:19 p.m.3 views

jose4j: denial of service via specially crafted JWE

A flaw was found in the jose.4.j jose4j library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...

6.5CVSS7.1AI score0.00879EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/10 7:30 p.m.27 views

Security Bulletin: IBM Master Data Management affected by vulnerabilities in IBM WebSphere Application Server (CVE-2023-51775)

Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability in WebSphere Application Server . IBM WebSphere Application uses the jose4j library which was found to be vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2...

6.5CVSS6.6AI score0.00879EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2024/06/03 11:52 a.m.4 views

jose4j: denial of service via specially crafted JWE

A flaw was found in the jose.4.j jose4j library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c PBES2 Count. This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...

6.5CVSS7.1AI score0.00879EPSS
Exploits1References4
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/15 8:36 a.m.53 views

Security Bulletin: IBM QRadar SIEM protocols are vulnerable to information exposure and denial of service (CVE-2023-31582, CVE-2023-51775)

Summary The Jose4j library is vulnerable to a denial of service, caused by improper input validation. It could also allow a remote attacker to obtain sensitive information using cryptographic attacks. Vulnerability Details CVEID:CVE-2023-31582 DESCRIPTION: Jose4J could allow a remote attacker to...

7.5CVSS7.8AI score0.00879EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/10 6:58 p.m.30 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications, are vulnerable to a denial of service due to jose4j (CVE-2023-51775)

Summary There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and used by the IBM WebSphere Application Server Liberty, which are bundled with IBM Cloud Pak for Applications. Vulnerability Details Refer to the security bulletins listed in the...

6.5CVSS6.6AI score0.00879EPSS
Exploits1Affected Software1
NCSC
NCSC
added 2024/04/05 12:0 a.m.4 views

Vulnerability fixed in IBM Websphere Application Server

IBM has fixed a vulnerability in Websphere Application Server. The vulnerability is located in the underlying jose4j library and allows an unauthenticated malicious party to cause a denial-of-service exploit. IBM has released updates to fix the vulnerability in Websphere Application Server. For...

6.5CVSS7AI score0.00879EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/19 4:14 p.m.16 views

Security Bulletin: IBM Content Navigator is vulnerable to an Elliptic Curve Key Disclosure.

Summary IBM Content Navigator has addressed the following vulnerability. A potential vulnerability in the jose4j module could allow information disclosure. Vulnerability Details Third Party Entry: 186425 DESCRIPTION: jose.4.j library key information disclosure CVSS Base score: 8.7 CVSS Temporal...

2AI score
Exploits0Affected Software1
Rows per page
Query Builder