CVE-2019-17195

Published: 15/10/2019 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

Vulnerable Product

connect2id nimbus jose+jwt

apache hadoop 3.2.1

oracle solaris cluster 4.0

oracle weblogic server 12.2.1.3.0

oracle weblogic server 12.2.1.4.0

oracle peoplesoft enterprise peopletools 8.58

oracle enterprise manager base platform 13.4.0.0

oracle primavera gateway 19.12.0

oracle data integrator 12.2.1.4.0

oracle peoplesoft enterprise peopletools 8.59

oracle primavera gateway

oracle communications pricing design center 12.0.0.3.0

oracle jd edwards enterpriseone tools

oracle policy automation

oracle communications cloud native core security edge protection proxy 1.7.0

oracle insurance policy administration

oracle healthcare data repository 8.1.0

oracle jd edwards enterpriseone orchestrator

Vendor Advisories

Synopsis: Low: Red Hat Virtualization Engine security, bug fix 439. Type/Severity: Security Advisory: Low. Topic: An update is now available for Red Hat Virtualization Engine 43. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) ...

Synopsis: Important: RHV Manager (ovirt-engine) 44 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security ...

Multiple vulnerabilities have been found in Hitachi Ops Center Common Services: CVE-2019-17195, CVE-2020-10718, CVE-2020-10734, CVE-2020-10746, CVE-2020-10776, CVE-2020-25638, CVE-2020-25689, CVE-2020-27822, CVE-2021-32027. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...

References

CWE-755
https://connect2id.com/blog/nimbus-jose-jwt-7-9
https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41%40%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d%40%3Ccommon-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98%40%3Cdev.avro.apache.org%3E
https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a%40%3Cdev.avro.apache.org%3E
https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d%40%3Ccommits.druid.apache.org%3E
https://nvd.nist.gov
https://access.redhat.com/errata/RHSA-2020:1308
https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2021-124/index.html