
34 matches found

IBM Security Bulletins
added 2026/05/29 10:57 a.m., 21 views

Security Bulletin: IBM Operational Decision Manager for April 2026 - Multiple CVEs addressed

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Operational Decision Manager Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) conditio...

9.8 CVSS, 7.1 AI score, 0.01146 EPSS
Exploits: 5, Affected Software: 1

IBM Security Bulletins
added 2026/05/29 9:8 a.m., 11 views

Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty was affected by denial of service due to jose4j (CVE-2024-29371)

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty was affected by denial of service due to jose4j CVE-2024-29371. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

7.5 CVSS, 7.2 AI score, 0.00244 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/04/20 6:38 a.m., 8 views

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty may be affected by a denial of service due to jose4j (CVE-2024-29371)

Summary There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and WebSphere Application Server Liberty. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test...

7.5 CVSS, 5.7 AI score, 0.00244 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/04/08 10:46 a.m., 5 views

Security Bulletin: jose4j JWE Decompression DoS Vulnerability (Fixed in 0.9.6), affects watsonx.data

Summary In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time...

7.5 CVSS, 5.9 AI score, 0.00244 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/03/30 9:6 a.m., 4 views

Security Bulletin: IBM Content Navigator is affected by Jose4J

Summary IBM Content Navigator is affected by CVE-2023-51775, an Uncontrolled Resource Consumption vulnerability (CWE-400) in the jose4j library prior to version 0.9.4. An attacker can trigger excessive CPU consumption and denial of service by supplying a large PBES2 iteration count (p2c) parameter in...

6.5 CVSS, 6.9 AI score, 0.00879 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/03/25 4:35 p.m., 11 views

Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty, are bundled with WebSphere Remote Server, are affected by a denial of service due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM WebSphere Application Server and IBM WebSphere Application Server Liberty has been published in a security...

7.5 CVSS, 5.8 AI score, 0.00244 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/03/16 9:44 p.m., 7 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

7.5 CVSS, 7.3 AI score, 0.00244 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/03/16 9:43 p.m., 7 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affecte...

7.5 CVSS, 7.3 AI score, 0.00244 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/03/16 9:41 p.m., 8 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

7.5 CVSS, 7.3 AI score, 0.00244 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/03/16 9:38 p.m., 8 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak For Applications, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak For Applications, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...

7.5 CVSS, 7.3 AI score, 0.00244 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/03/16 9:34 p.m., 7 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j (CVE-2024-29371)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM WebSphere Hybrid Edition, is affected by a denial of service vulnerability due to jose4j. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...

7.5 CVSS, 7.3 AI score, 0.00244 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/02/25 7:18 p.m., 6 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a denial of service due to jose4j (CVE-2024-29371)

Summary There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and WebSphere Application Server Liberty. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting...

7.5 CVSS, 5.5 AI score, 0.00244 EPSS
Exploits: 1, Affected Software: 1

RedhatCVE
added 2025/12/27 12:5 a.m., 4 views

CVE-2024-29371

In jose4j before 0.9.5, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...

7.5 CVSS, 6.8 AI score, 0.00244 EPSS
Exploits: 1, References: 4

vulnersOsv
added 2025/12/17 6:31 p.m., 7 views

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0), androidx.baselineprofile.apptarget:androidx.baselineprofile.apptarget.gradle.plugin (>=1.2.0-alpha12 <=1.2.0-alpha14) +2661 more potentially affected by CVE-2024-29371 via org.bitbucket.b_c:jose4j (>=0.4.1 <=0.9.5)

org.bitbucket.bc:jose4j MAVEN version =0.4.1, =4.4.0.0, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha07, =1.2.0-alpha12, =1.2.0-alpha07, =2.6.0, =2.6.0, =2.6.0, =1.0.0-alpha01, =1.0.0-alpha01,...

7.5 CVSS, 6.8 AI score, 0.00244 EPSS
Exploits: 1

EUVD
added 2025/12/17 6:31 p.m., 5 views

EUVD-2024-26381

In jose4j before 0.9.5, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...

7.5 CVSS, 6.3 AI score, 0.00244 EPSS
Exploits: 1, References: 2

vulnersOsv
added 2025/12/17 4:42 p.m., 8 views

ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0), androidx.baselineprofile.apptarget:androidx.baselineprofile.apptarget.gradle.plugin (>=1.2.0-alpha12 <=1.2.0-alpha14) +2661 more potentially affected by CVE-2024-29371 via org.bitbucket.b_c:jose4j (>=0.4.1 <=0.9.5)

org.bitbucket.bc:jose4j MAVEN version =0.4.1, =4.4.0.0, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha12, =1.2.0-alpha07, =1.2.0-alpha12, =1.2.0-alpha07, =2.6.0, =2.6.0, =2.6.0, =1.0.0-alpha01, =1.0.0-alpha01,...

7.5 CVSS, 6.8 AI score, 0.00244 EPSS
Exploits: 1

Snyk
added 2025/12/17 4:42 p.m., 8 views

Allocation of Resources Without Limits or Throttling

Overview org.bitbucket.bc:jose4j is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK). It is written in Java and relies solely on the JCA APIs for cryptography. Please see https://bitbucket.org/bc/jose4j/wiki/Home for more...

8.7 CVSS, 6.7 AI score, 0.00244 EPSS
Exploits: 1, References: 2

OSV
added 2025/12/17 4:16 p.m., 3 views

DEBIAN-CVE-2024-29371

In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...

7.5 CVSS, 7.6 AI score, 0.00244 EPSS
Exploits: 1, References: 1

OSV
added 2025/12/17 4:16 p.m., 2 views

UBUNTU-CVE-2024-29371

In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...

7.5 CVSS, 5.8 AI score, 0.00244 EPSS
Exploits: 1, References: 3

CNNVD
added 2025/12/17 12:0 a.m., 4 views

jose4j security vulnerability

jose4j is a powerful and easy-to-use open source implementation of the JSON Web Token (JWT) and the JOSE suite of specifications (JWS, JWE, and JWK) from Bitbucket Open Source. A security vulnerability exists in jose4j versions prior to 0.9.5, which stems from an attacker being able to construct...

7.5 CVSS, 6.2 AI score, 0.00244 EPSS
Exploits: 1, References: 3