Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-12973 (GCVE-0-2017-12973)
Vulnerability from cvelistv5 – Published: 2017-08-20 16:00 – Updated: 2024-09-17 01:37
VLAI?
EPSS
Summary
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bitbucket.org/connect2id/nimbus-jose-jwt/… | x_refsource_CONFIRM |
| https://bitbucket.org/connect2id/nimbus-jose-jwt/… | x_refsource_CONFIRM |
| https://bitbucket.org/connect2id/nimbus-jose-jwt/… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:07.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-20T16:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12973",
"datePublished": "2017-08-20T16:00:00.000Z",
"dateReserved": "2017-08-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:37:10.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-12973",
"date": "2026-05-19",
"epss": "0.00229",
"percentile": "0.4557"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3D2BDED-6749-4862-9D2D-54D871BDC8F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C7AD668-E307-4B4A-9BE8-E837DE4F717C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAF9F006-8B1B-4448-8778-423A6A1F3DC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9523DEE0-8CCF-49C4-B0DA-C9EF243D4B09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7206DFE0-70A4-4E06-BE7F-D8FA8C62A094\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A91050A7-FAE4-4080-B53C-F77420CBF9FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7E63FFD-9C37-4AFD-843E-2ED4235EE399\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DE00EFF-9045-4D30-AFA5-BFF0EDEF91B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AFC1A72-B7A1-42D3-BA3E-C009F041692D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7891E427-B4D0-4E4A-9F5B-4A9122B72ED4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3A76765-2D77-4C79-9E0E-B6A613835F51\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEC445F4-0859-4287-A22F-361CB2F3D037\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84BA3A10-0631-41B3-930E-D56A0AE6A273\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43E3F6F8-7EDD-4D5B-8805-41DDE054BEA9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCE3E9B7-C835-461E-ADD7-D45FBB5A71F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A5B2D3A-EEF6-4147-A779-44E02AB395C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71010D0A-F4E0-4935-8809-F8E995BFA86C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41465ADD-A6B9-4F80-80EF-B636997EA707\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9F8CA64-C93D-43E4-8EB4-3D4797008DF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36364548-4CE5-467A-BA83-5E742AB2593C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46518146-4629-4ACD-B313-339BCB30F1A7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C1C5455-5B5E-4BDE-8AA3-9F64A85912EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45973290-BB00-4376-A965-1A49CAC438E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE1BAB53-F7B9-4D29-88AA-C661E7899CBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0193A1C-E481-401C-B6EB-AC519FD26B67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB7B82D5-29EE-422D-B1E4-B3F6397307F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2848658B-357A-4DAF-9B03-ACFBC3FAF0EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BB464C1-DA4B-44ED-A412-810B9AA189E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"431AD7BC-0959-4FEB-955A-9D194224DFB3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4063DCC0-C019-49B2-8FBC-3C6E002D271B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.13.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A58E19F-C057-45FD-AB6D-8E0B3C3435F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2634E6C8-BC82-4108-B56D-A54215D5CBEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"848C9121-0AD9-48CC-AFEF-A31F31486F3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"396692A2-8D0D-41FB-AC89-860113B5095E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02F670A4-E4E8-4FE9-8BDB-5FB9B87EA476\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.15.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB27BDBF-0174-49F3-9E0B-763C3295ED5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43B070AE-3C83-45BA-BA17-23CF14C01BA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62E42F44-32C1-42C4-95AE-6B39CBE8215E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.17.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03B6591B-133D-4D26-975E-CB7BACAAAB53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.17.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B43E0F8B-851B-47DE-9756-93B7F289C853\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"899B28A8-9399-4D4A-A148-3D6A370235E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.18.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CB4503D-6395-419E-A114-B919C80C676C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.18.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38364B69-9544-4DFE-8005-257966E0A118\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2877D83-1126-40CF-B537-6A59E79B4432\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.19.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A94B0B2A-D953-448E-895E-7B64EC527A48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BF5F7D4-413D-4BB3-8E91-DA63B4A4EB49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A5200FE-DB3C-4AA7-9A2C-E897B57B94C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48EA3A68-BB92-40C8-A499-3A355CC0C2BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.22.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8918A7A3-0CBA-4CA2-9F6D-EA077747E004\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C686C25-7B32-4100-8A45-A74F71DBAE58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09D27567-5D24-4213-B02E-49F17F738D5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D22B26BE-378A-4A19-BF62-C88236D798D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3184E5FE-9689-4036-84A5-96E368EFA4CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.26.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"419FFF5B-29E7-44E1-9B24-6FB7C2FC2E3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"080D89F9-2CC0-44C7-A23D-268658708AA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F362B31F-A7A0-4BEF-A51D-51A7E465486D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E57CA1D-10EE-4C07-A67A-52B9AAA95335\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F422D307-57B2-4FA5-814C-441E5C229159\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96DA3D0D-7782-42DA-AAA2-DE44B2B67360\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5894378-A2F7-4BE0-8C31-D9B8CE98A7F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"978B4A23-8F2F-494C-957B-BCFD72FAD731\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0985B2D-A96C-484A-B693-54C746024386\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A722D35B-1B21-42BC-A408-7437C9CEC5FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CB5F53D-F786-45C5-A3E6-D20501F6AE41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F095DBDD-265E-4603-868E-8C4E3DCD5532\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38CD047F-EFC2-47CE-A405-B107EEDCC46C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"963A6125-A5D7-4113-83D6-2C3C88F241B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41D46507-7624-446D-B75C-F1D2F9716EEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D76BC618-1F55-4FCB-A97C-616AC36F3C58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6912C07-AF3F-44F4-964C-419C5AC1C8B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCF903D4-539F-4AA6-A30E-52022F06B8B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CAE6CF55-5C3F-4FB1-BC85-68CF5B8C42F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1B7AA70-C87D-4900-8DD6-A522A47EDDF4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7927D451-07DB-4414-99DB-80DD9598F2EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"874C9354-4C0B-4F05-8B04-196ECFF983B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F309097C-98E3-467E-A1ED-92C25620F54A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72AA6D9F-DD84-42A8-88E5-FDF049722825\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12957562-6B96-4482-A4DB-A08B396F3B65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"231EE0FC-E5A8-4BB5-A913-36F2C0C0E3C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"750AAE75-42C4-4C0D-8F12-64DEB7A3C0E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C1B0E66-5556-4F95-9B65-EF7235A5F249\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99DE57AC-021B-432D-AC88-5233E79CA3E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D71EC2F3-E793-48A4-956A-B9E097ED4FF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10E92D26-7241-453C-A72B-134EAFE123C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"427A87D9-5DFC-46BF-8CD2-E5EAF5B0E0D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FB0A69F-E99A-4E9F-9533-3B0498CE0F62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BBD474EC-34E4-480E-A6D6-E38AA45A024E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D5DC51A-99A4-4F80-A969-08CD423576EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A46F965D-BF09-4834-80B1-3BD43B5319AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.11.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD3F3776-7963-4FF2-8E14-8530F8DF5B6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEBB3337-A2BB-4795-8500-4A7DA2513B3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"284AD842-9C1D-4B59-A265-55F86F4B6F36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4CF725FA-FC45-45F4-8109-796CC0D56D0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"085AA1DF-FB71-4663-BF34-E91180FC3822\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68601D0B-E05A-478F-AB8B-61432036DC43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB3F14BD-7BE0-42EE-A895-804DCAD108C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"561929A8-4D82-429E-908F-DECA493F3237\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.16.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAD6C3B2-DFD4-4E4A-AB7E-C4CCA81431BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED7261E1-4125-45C7-980D-256950A7B886\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F27DFF6F-E3BD-4F1B-8E4A-3DB33F98EE94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86416AA0-CCD5-4780-8A41-724C7AAC9A79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"247027A4-E5EA-4584-9A3E-8F62987123D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69E0DB99-22D1-4AE4-BD9F-78F55D19D400\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CB4D8B7-F73E-4B38-86A3-0656E6A2191F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07686354-6652-4FFE-9BBC-905F8AD5632F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B77C8B71-BC12-4645-AB1C-893F28F07414\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C72D36D-2E37-446C-AE45-1433F2BF6449\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"149B96B8-1DEB-4620-8C2D-D03A593D5ACB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62A3D07E-40B7-4730-A666-640FE212A964\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.26.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77A42AAD-E7BA-434C-816E-9C606AE66CE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.27:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5095CB6A-7159-498D-9E0A-36245B7D7EB2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.27.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BFDA0B1-1B68-49CE-9AF2-FD8F62441317\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.28:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17270178-8541-412C-AE9D-7ADE694DB39C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE6ECBB9-F71E-4E04-8C1E-349650DE2F49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6AFDEAF-CD55-495A-9B12-F131FE454FD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A39BB9C-2183-45DA-8236-D31125B447BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.31.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D62612F6-5774-4EAA-ACC1-A837256163FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FDB6684-DF68-4334-ADB4-484731DAEE61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"842555FA-61DC-40C1-AE26-319E10D63D52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D15C6517-0B9B-4C36-BD34-80D7803FACCC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.34.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D632C03-C8BE-4C2F-AB6C-D3ED55869D8A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.34.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C0A77CA-FF6D-44DB-9476-1DF4F473C3D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3BAF720-023A-4563-AD85-6CB70772A02F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.36.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B1995BF-76DB-4DC9-8FBA-824D8C4793EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD399CAD-D6DB-4FED-B537-C857D40D0BB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.37.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26AE6158-7F92-4873-A0E4-CC9701F6CA14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC3C9378-48D1-4BB1-86B6-C2EB1EE72D28\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.\"}, {\"lang\": \"es\", \"value\": \"Nimbus JOSE+JWT en versiones anteriores a la 4.39 procede de forma inadecuada tras detectar un HMAC no v\\u00e1lido en un descifrado AES-CBC, lo que permite que atacantes lleven a cabo un ataque padding oracle.\"}]",
"id": "CVE-2017-12973",
"lastModified": "2024-11-21T03:10:33.177",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N\", \"baseScore\": 3.1, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2017-08-20T16:29:00.283",
"references": "[{\"url\": \"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-354\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-12973\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-08-20T16:29:00.283\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.\"},{\"lang\":\"es\",\"value\":\"Nimbus JOSE+JWT en versiones anteriores a la 4.39 procede de forma inadecuada tras detectar un HMAC no v\u00e1lido en un descifrado AES-CBC, lo que permite que atacantes lleven a cabo un ataque padding oracle.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":3.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-354\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3D2BDED-6749-4862-9D2D-54D871BDC8F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C7AD668-E307-4B4A-9BE8-E837DE4F717C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAF9F006-8B1B-4448-8778-423A6A1F3DC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9523DEE0-8CCF-49C4-B0DA-C9EF243D4B09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7206DFE0-70A4-4E06-BE7F-D8FA8C62A094\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A91050A7-FAE4-4080-B53C-F77420CBF9FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7E63FFD-9C37-4AFD-843E-2ED4235EE399\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DE00EFF-9045-4D30-AFA5-BFF0EDEF91B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AFC1A72-B7A1-42D3-BA3E-C009F041692D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7891E427-B4D0-4E4A-9F5B-4A9122B72ED4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3A76765-2D77-4C79-9E0E-B6A613835F51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEC445F4-0859-4287-A22F-361CB2F3D037\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84BA3A10-0631-41B3-930E-D56A0AE6A273\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43E3F6F8-7EDD-4D5B-8805-41DDE054BEA9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCE3E9B7-C835-461E-ADD7-D45FBB5A71F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A5B2D3A-EEF6-4147-A779-44E02AB395C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71010D0A-F4E0-4935-8809-F8E995BFA86C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41465ADD-A6B9-4F80-80EF-B636997EA707\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9F8CA64-C93D-43E4-8EB4-3D4797008DF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36364548-4CE5-467A-BA83-5E742AB2593C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46518146-4629-4ACD-B313-339BCB30F1A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C1C5455-5B5E-4BDE-8AA3-9F64A85912EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45973290-BB00-4376-A965-1A49CAC438E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE1BAB53-F7B9-4D29-88AA-C661E7899CBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0193A1C-E481-401C-B6EB-AC519FD26B67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB7B82D5-29EE-422D-B1E4-B3F6397307F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2848658B-357A-4DAF-9B03-ACFBC3FAF0EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BB464C1-DA4B-44ED-A412-810B9AA189E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"431AD7BC-0959-4FEB-955A-9D194224DFB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4063DCC0-C019-49B2-8FBC-3C6E002D271B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A58E19F-C057-45FD-AB6D-8E0B3C3435F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2634E6C8-BC82-4108-B56D-A54215D5CBEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"848C9121-0AD9-48CC-AFEF-A31F31486F3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"396692A2-8D0D-41FB-AC89-860113B5095E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02F670A4-E4E8-4FE9-8BDB-5FB9B87EA476\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB27BDBF-0174-49F3-9E0B-763C3295ED5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43B070AE-3C83-45BA-BA17-23CF14C01BA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62E42F44-32C1-42C4-95AE-6B39CBE8215E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03B6591B-133D-4D26-975E-CB7BACAAAB53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.17.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B43E0F8B-851B-47DE-9756-93B7F289C853\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"899B28A8-9399-4D4A-A148-3D6A370235E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CB4503D-6395-419E-A114-B919C80C676C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.18.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38364B69-9544-4DFE-8005-257966E0A118\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2877D83-1126-40CF-B537-6A59E79B4432\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A94B0B2A-D953-448E-895E-7B64EC527A48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BF5F7D4-413D-4BB3-8E91-DA63B4A4EB49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A5200FE-DB3C-4AA7-9A2C-E897B57B94C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48EA3A68-BB92-40C8-A499-3A355CC0C2BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.22.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8918A7A3-0CBA-4CA2-9F6D-EA077747E004\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C686C25-7B32-4100-8A45-A74F71DBAE58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09D27567-5D24-4213-B02E-49F17F738D5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D22B26BE-378A-4A19-BF62-C88236D798D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3184E5FE-9689-4036-84A5-96E368EFA4CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:2.26.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"419FFF5B-29E7-44E1-9B24-6FB7C2FC2E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"080D89F9-2CC0-44C7-A23D-268658708AA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F362B31F-A7A0-4BEF-A51D-51A7E465486D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E57CA1D-10EE-4C07-A67A-52B9AAA95335\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F422D307-57B2-4FA5-814C-441E5C229159\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96DA3D0D-7782-42DA-AAA2-DE44B2B67360\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5894378-A2F7-4BE0-8C31-D9B8CE98A7F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"978B4A23-8F2F-494C-957B-BCFD72FAD731\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0985B2D-A96C-484A-B693-54C746024386\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A722D35B-1B21-42BC-A408-7437C9CEC5FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CB5F53D-F786-45C5-A3E6-D20501F6AE41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F095DBDD-265E-4603-868E-8C4E3DCD5532\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38CD047F-EFC2-47CE-A405-B107EEDCC46C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"963A6125-A5D7-4113-83D6-2C3C88F241B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41D46507-7624-446D-B75C-F1D2F9716EEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D76BC618-1F55-4FCB-A97C-616AC36F3C58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6912C07-AF3F-44F4-964C-419C5AC1C8B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCF903D4-539F-4AA6-A30E-52022F06B8B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAE6CF55-5C3F-4FB1-BC85-68CF5B8C42F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1B7AA70-C87D-4900-8DD6-A522A47EDDF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7927D451-07DB-4414-99DB-80DD9598F2EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"874C9354-4C0B-4F05-8B04-196ECFF983B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F309097C-98E3-467E-A1ED-92C25620F54A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72AA6D9F-DD84-42A8-88E5-FDF049722825\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12957562-6B96-4482-A4DB-A08B396F3B65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"231EE0FC-E5A8-4BB5-A913-36F2C0C0E3C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"750AAE75-42C4-4C0D-8F12-64DEB7A3C0E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C1B0E66-5556-4F95-9B65-EF7235A5F249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99DE57AC-021B-432D-AC88-5233E79CA3E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D71EC2F3-E793-48A4-956A-B9E097ED4FF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10E92D26-7241-453C-A72B-134EAFE123C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"427A87D9-5DFC-46BF-8CD2-E5EAF5B0E0D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FB0A69F-E99A-4E9F-9533-3B0498CE0F62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBD474EC-34E4-480E-A6D6-E38AA45A024E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D5DC51A-99A4-4F80-A969-08CD423576EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A46F965D-BF09-4834-80B1-3BD43B5319AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD3F3776-7963-4FF2-8E14-8530F8DF5B6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEBB3337-A2BB-4795-8500-4A7DA2513B3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"284AD842-9C1D-4B59-A265-55F86F4B6F36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CF725FA-FC45-45F4-8109-796CC0D56D0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"085AA1DF-FB71-4663-BF34-E91180FC3822\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68601D0B-E05A-478F-AB8B-61432036DC43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB3F14BD-7BE0-42EE-A895-804DCAD108C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"561929A8-4D82-429E-908F-DECA493F3237\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAD6C3B2-DFD4-4E4A-AB7E-C4CCA81431BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED7261E1-4125-45C7-980D-256950A7B886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F27DFF6F-E3BD-4F1B-8E4A-3DB33F98EE94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86416AA0-CCD5-4780-8A41-724C7AAC9A79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"247027A4-E5EA-4584-9A3E-8F62987123D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69E0DB99-22D1-4AE4-BD9F-78F55D19D400\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CB4D8B7-F73E-4B38-86A3-0656E6A2191F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07686354-6652-4FFE-9BBC-905F8AD5632F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B77C8B71-BC12-4645-AB1C-893F28F07414\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C72D36D-2E37-446C-AE45-1433F2BF6449\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"149B96B8-1DEB-4620-8C2D-D03A593D5ACB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62A3D07E-40B7-4730-A666-640FE212A964\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.26.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77A42AAD-E7BA-434C-816E-9C606AE66CE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5095CB6A-7159-498D-9E0A-36245B7D7EB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.27.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BFDA0B1-1B68-49CE-9AF2-FD8F62441317\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17270178-8541-412C-AE9D-7ADE694DB39C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE6ECBB9-F71E-4E04-8C1E-349650DE2F49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6AFDEAF-CD55-495A-9B12-F131FE454FD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A39BB9C-2183-45DA-8236-D31125B447BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.31.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D62612F6-5774-4EAA-ACC1-A837256163FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FDB6684-DF68-4334-ADB4-484731DAEE61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"842555FA-61DC-40C1-AE26-319E10D63D52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D15C6517-0B9B-4C36-BD34-80D7803FACCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.34.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D632C03-C8BE-4C2F-AB6C-D3ED55869D8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.34.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C0A77CA-FF6D-44DB-9476-1DF4F473C3D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3BAF720-023A-4563-AD85-6CB70772A02F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.36.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B1995BF-76DB-4DC9-8FBA-824D8C4793EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD399CAD-D6DB-4FED-B537-C857D40D0BB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.37.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26AE6158-7F92-4873-A0E4-CC9701F6CA14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:connect2id:nimbus_jose\\\\+jwt:4.38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC3C9378-48D1-4BB1-86B6-C2EB1EE72D28\"}]}]}],\"references\":[{\"url\":\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]}]}}"
}
}
BDU:2022-07422
Vulnerability from fstec - Published: 13.04.2017
VLAI Severity ?
Title
Уязвимость компонента HMAC Java-библиотеки Nimbus JOSE + JWT, позволяющая нарушителю раскрыть защищаемую информацию
Description
Уязвимость компонента HMAC Java-библиотеки Nimbus JOSE + JWT связана с отсутствием проверки целостности. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, раскрыть защищаемую информацию
Severity ?
Vendor
Connect2id Ltd.
Software Name
Nimbus JOSE + JWT
Software Version
до 4.39 (Nimbus JOSE + JWT)
Possible Mitigations
Использование рекомендаций:
https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912
https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac
https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt
Reference
https://nvd.nist.gov/vuln/detail/CVE-2017-12973
https://vuldb.com/?id.105615
https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912 Пластырь
https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac
https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt
CWE
CWE-354
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Connect2id Ltd.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 4.39 (Nimbus JOSE + JWT)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912\nhttps://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac \nhttps://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.04.2017",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.12.2022",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.12.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-07422",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2017-12973",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Nimbus JOSE + JWT",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 HMAC Java-\u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Nimbus JOSE + JWT, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u0438 (CWE-354)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 HMAC Java-\u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Nimbus JOSE + JWT \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2017-12973\nhttps://vuldb.com/?id.105615\nhttps://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912 \u041f\u043b\u0430\u0441\u0442\u044b\u0440\u044c \nhttps://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac \nhttps://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-354",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,1)"
}
CNVD-2017-29546
Vulnerability from cnvd - Published: 2017-10-11
VLAI Severity ?
Title
Nimbus JOSE+JWT padding oracle攻击信息泄露漏洞
Description
Nimbus JOSE+JWT是一个开源的Java库。
Nimbus JOSE+JWT存在安全漏洞,允许攻击者利用漏洞提交特制的请求,进行padding oracle攻击,获取敏感信息。
Severity
中
Patch Name
Nimbus JOSE+JWT padding oracle攻击信息泄露漏洞的补丁
Patch Description
Nimbus JOSE+JWT是一个开源的Java库。
Nimbus JOSE+JWT存在安全漏洞,允许攻击者利用漏洞提交特制的请求,进行padding oracle攻击,获取敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布漏洞修复程序,请及时关注更新: https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912
Reference
https://nvd.nist.gov/vuln/detail/CVE-2017-12973
Impacted products
| Name | connect2id Nimbus JOSE+JWT <4.39 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-12973"
}
},
"description": "Nimbus JOSE+JWT\u662f\u4e00\u4e2a\u5f00\u6e90\u7684Java\u5e93\u3002\r\n\r\nNimbus JOSE+JWT\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u5236\u7684\u8bf7\u6c42\uff0c\u8fdb\u884cpadding oracle\u653b\u51fb\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
"discovererName": "connect2id",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-29546",
"openTime": "2017-10-11",
"patchDescription": "Nimbus JOSE+JWT\u662f\u4e00\u4e2a\u5f00\u6e90\u7684Java\u5e93\u3002\r\n\r\nNimbus JOSE+JWT\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u5236\u7684\u8bf7\u6c42\uff0c\u8fdb\u884cpadding oracle\u653b\u51fb\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Nimbus JOSE+JWT padding oracle\u653b\u51fb\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "connect2id Nimbus JOSE+JWT \u003c4.39"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-12973",
"serverity": "\u4e2d",
"submitTime": "2017-08-21",
"title": "Nimbus JOSE+JWT padding oracle\u653b\u51fb\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
FKIE_CVE-2017-12973
Vulnerability from fkie_nvd - Published: 2017-08-20 16:29 - Updated: 2026-05-13 00:24
Severity ?
Summary
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912 | Patch, Third Party Advisory | |
| cve@mitre.org | https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac | Third Party Advisory | |
| cve@mitre.org | https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt | Release Notes, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D2BDED-6749-4862-9D2D-54D871BDC8F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C7AD668-E307-4B4A-9BE8-E837DE4F717C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF9F006-8B1B-4448-8778-423A6A1F3DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9523DEE0-8CCF-49C4-B0DA-C9EF243D4B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7206DFE0-70A4-4E06-BE7F-D8FA8C62A094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A91050A7-FAE4-4080-B53C-F77420CBF9FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E63FFD-9C37-4AFD-843E-2ED4235EE399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE00EFF-9045-4D30-AFA5-BFF0EDEF91B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFC1A72-B7A1-42D3-BA3E-C009F041692D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7891E427-B4D0-4E4A-9F5B-4A9122B72ED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A76765-2D77-4C79-9E0E-B6A613835F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC445F4-0859-4287-A22F-361CB2F3D037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "84BA3A10-0631-41B3-930E-D56A0AE6A273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "43E3F6F8-7EDD-4D5B-8805-41DDE054BEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCE3E9B7-C835-461E-ADD7-D45FBB5A71F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A5B2D3A-EEF6-4147-A779-44E02AB395C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "71010D0A-F4E0-4935-8809-F8E995BFA86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41465ADD-A6B9-4F80-80EF-B636997EA707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F8CA64-C93D-43E4-8EB4-3D4797008DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36364548-4CE5-467A-BA83-5E742AB2593C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46518146-4629-4ACD-B313-339BCB30F1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1C5455-5B5E-4BDE-8AA3-9F64A85912EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45973290-BB00-4376-A965-1A49CAC438E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1BAB53-F7B9-4D29-88AA-C661E7899CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B0193A1C-E481-401C-B6EB-AC519FD26B67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7B82D5-29EE-422D-B1E4-B3F6397307F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2848658B-357A-4DAF-9B03-ACFBC3FAF0EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB464C1-DA4B-44ED-A412-810B9AA189E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "431AD7BC-0959-4FEB-955A-9D194224DFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4063DCC0-C019-49B2-8FBC-3C6E002D271B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A58E19F-C057-45FD-AB6D-8E0B3C3435F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2634E6C8-BC82-4108-B56D-A54215D5CBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "848C9121-0AD9-48CC-AFEF-A31F31486F3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "396692A2-8D0D-41FB-AC89-860113B5095E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02F670A4-E4E8-4FE9-8BDB-5FB9B87EA476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB27BDBF-0174-49F3-9E0B-763C3295ED5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "43B070AE-3C83-45BA-BA17-23CF14C01BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "62E42F44-32C1-42C4-95AE-6B39CBE8215E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03B6591B-133D-4D26-975E-CB7BACAAAB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B43E0F8B-851B-47DE-9756-93B7F289C853",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "899B28A8-9399-4D4A-A148-3D6A370235E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4503D-6395-419E-A114-B919C80C676C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "38364B69-9544-4DFE-8005-257966E0A118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "B2877D83-1126-40CF-B537-6A59E79B4432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A94B0B2A-D953-448E-895E-7B64EC527A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF5F7D4-413D-4BB3-8E91-DA63B4A4EB49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7A5200FE-DB3C-4AA7-9A2C-E897B57B94C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "48EA3A68-BB92-40C8-A499-3A355CC0C2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8918A7A3-0CBA-4CA2-9F6D-EA077747E004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "4C686C25-7B32-4100-8A45-A74F71DBAE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "09D27567-5D24-4213-B02E-49F17F738D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "D22B26BE-378A-4A19-BF62-C88236D798D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "3184E5FE-9689-4036-84A5-96E368EFA4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "419FFF5B-29E7-44E1-9B24-6FB7C2FC2E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "080D89F9-2CC0-44C7-A23D-268658708AA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F362B31F-A7A0-4BEF-A51D-51A7E465486D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E57CA1D-10EE-4C07-A67A-52B9AAA95335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F422D307-57B2-4FA5-814C-441E5C229159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "96DA3D0D-7782-42DA-AAA2-DE44B2B67360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5894378-A2F7-4BE0-8C31-D9B8CE98A7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "978B4A23-8F2F-494C-957B-BCFD72FAD731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0985B2D-A96C-484A-B693-54C746024386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A722D35B-1B21-42BC-A408-7437C9CEC5FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB5F53D-F786-45C5-A3E6-D20501F6AE41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F095DBDD-265E-4603-868E-8C4E3DCD5532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "38CD047F-EFC2-47CE-A405-B107EEDCC46C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "963A6125-A5D7-4113-83D6-2C3C88F241B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41D46507-7624-446D-B75C-F1D2F9716EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D76BC618-1F55-4FCB-A97C-616AC36F3C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F6912C07-AF3F-44F4-964C-419C5AC1C8B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCF903D4-539F-4AA6-A30E-52022F06B8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE6CF55-5C3F-4FB1-BC85-68CF5B8C42F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B7AA70-C87D-4900-8DD6-A522A47EDDF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7927D451-07DB-4414-99DB-80DD9598F2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "874C9354-4C0B-4F05-8B04-196ECFF983B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F309097C-98E3-467E-A1ED-92C25620F54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72AA6D9F-DD84-42A8-88E5-FDF049722825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12957562-6B96-4482-A4DB-A08B396F3B65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "231EE0FC-E5A8-4BB5-A913-36F2C0C0E3C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "750AAE75-42C4-4C0D-8F12-64DEB7A3C0E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1B0E66-5556-4F95-9B65-EF7235A5F249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99DE57AC-021B-432D-AC88-5233E79CA3E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D71EC2F3-E793-48A4-956A-B9E097ED4FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "10E92D26-7241-453C-A72B-134EAFE123C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "427A87D9-5DFC-46BF-8CD2-E5EAF5B0E0D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB0A69F-E99A-4E9F-9533-3B0498CE0F62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD474EC-34E4-480E-A6D6-E38AA45A024E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5DC51A-99A4-4F80-A969-08CD423576EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A46F965D-BF09-4834-80B1-3BD43B5319AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3F3776-7963-4FF2-8E14-8530F8DF5B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBB3337-A2BB-4795-8500-4A7DA2513B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "284AD842-9C1D-4B59-A265-55F86F4B6F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF725FA-FC45-45F4-8109-796CC0D56D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "085AA1DF-FB71-4663-BF34-E91180FC3822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "68601D0B-E05A-478F-AB8B-61432036DC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB3F14BD-7BE0-42EE-A895-804DCAD108C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "561929A8-4D82-429E-908F-DECA493F3237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD6C3B2-DFD4-4E4A-AB7E-C4CCA81431BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7261E1-4125-45C7-980D-256950A7B886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F27DFF6F-E3BD-4F1B-8E4A-3DB33F98EE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "86416AA0-CCD5-4780-8A41-724C7AAC9A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "247027A4-E5EA-4584-9A3E-8F62987123D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "69E0DB99-22D1-4AE4-BD9F-78F55D19D400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB4D8B7-F73E-4B38-86A3-0656E6A2191F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "07686354-6652-4FFE-9BBC-905F8AD5632F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "B77C8B71-BC12-4645-AB1C-893F28F07414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "0C72D36D-2E37-446C-AE45-1433F2BF6449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "149B96B8-1DEB-4620-8C2D-D03A593D5ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "62A3D07E-40B7-4730-A666-640FE212A964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77A42AAD-E7BA-434C-816E-9C606AE66CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "5095CB6A-7159-498D-9E0A-36245B7D7EB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.27.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFDA0B1-1B68-49CE-9AF2-FD8F62441317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.28:*:*:*:*:*:*:*",
"matchCriteriaId": "17270178-8541-412C-AE9D-7ADE694DB39C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6ECBB9-F71E-4E04-8C1E-349650DE2F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "D6AFDEAF-CD55-495A-9B12-F131FE454FD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "6A39BB9C-2183-45DA-8236-D31125B447BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.31.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D62612F6-5774-4EAA-ACC1-A837256163FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDB6684-DF68-4334-ADB4-484731DAEE61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.33:*:*:*:*:*:*:*",
"matchCriteriaId": "842555FA-61DC-40C1-AE26-319E10D63D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D15C6517-0B9B-4C36-BD34-80D7803FACCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.34.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D632C03-C8BE-4C2F-AB6C-D3ED55869D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.34.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C0A77CA-FF6D-44DB-9476-1DF4F473C3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BAF720-023A-4563-AD85-6CB70772A02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.36.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1995BF-76DB-4DC9-8FBA-824D8C4793EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.37:*:*:*:*:*:*:*",
"matchCriteriaId": "CD399CAD-D6DB-4FED-B537-C857D40D0BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.37.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26AE6158-7F92-4873-A0E4-CC9701F6CA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.38:*:*:*:*:*:*:*",
"matchCriteriaId": "FC3C9378-48D1-4BB1-86B6-C2EB1EE72D28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack."
},
{
"lang": "es",
"value": "Nimbus JOSE+JWT en versiones anteriores a la 4.39 procede de forma inadecuada tras detectar un HMAC no v\u00e1lido en un descifrado AES-CBC, lo que permite que atacantes lleven a cabo un ataque padding oracle."
}
],
"id": "CVE-2017-12973",
"lastModified": "2026-05-13T00:24:29.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-20T16:29:00.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-354"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-JFMQ-4G4M-99RH
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-11-08 23:03
VLAI?
Summary
Nimbus JOSE+JWT vulnerable to padding oracle attack
Details
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.nimbusds:nimbus-jose-jwt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.39"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-12973"
],
"database_specific": {
"cwe_ids": [
"CWE-354"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-08T23:03:33Z",
"nvd_published_at": "2017-08-20T16:29:00Z",
"severity": "LOW"
},
"details": "Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.",
"id": "GHSA-jfmq-4g4m-99rh",
"modified": "2022-11-08T23:03:33Z",
"published": "2022-05-13T01:42:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12973"
},
{
"type": "WEB",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912"
},
{
"type": "WEB",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac"
},
{
"type": "WEB",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Nimbus JOSE+JWT vulnerable to padding oracle attack"
}
GSD-2017-12973
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-12973",
"description": "Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.",
"id": "GSD-2017-12973"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-12973"
],
"details": "Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.",
"id": "GSD-2017-12973",
"modified": "2023-12-13T01:21:03.412176Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,4.39)",
"affected_versions": "All versions before 4.39",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-354",
"CWE-937"
],
"date": "2019-10-03",
"description": "Nimbus JOSE+JWT proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.",
"fixed_versions": [
"4.39"
],
"identifier": "CVE-2017-12973",
"identifiers": [
"CVE-2017-12973"
],
"not_impacted": "all versions starting from 4.39",
"package_slug": "maven/com.nimbusds/nimbus-jose-jwt",
"pubdate": "2017-08-20",
"solution": "Upgrade to version 4.39",
"title": "Improper Validation of Integrity Check Value",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2017-12973"
],
"uuid": "7eba18ff-2d1b-46fe-a48d-c8da270310f0"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.22.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.16.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.31.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.17.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.11.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.34.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.36.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.18.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.26.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.26.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.27.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.34.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.37.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12973"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-354"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
},
"lastModifiedDate": "2019-10-03T00:03Z",
"publishedDate": "2017-08-20T16:29Z"
}
}
}
WID-SEC-W-2022-0770
Vulnerability from csaf_certbund - Published: 2020-04-23 22:00 - Updated: 2024-05-16 22:00Summary
IBM DB2: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.
Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erhöhen oder einen Denial of Service zu verursachen
Betroffene Betriebssysteme: - Linux
- UNIX
- Windows
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
In IBM DB2 existieren mehrere Schwachstellen in abhängigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern.
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
EMC Avamar
EMC
|
cpe:/a:emc:avamar:-
|
— | |
|
IBM DB2 11.1
IBM / DB2
|
cpe:/a:ibm:db2:11.1
|
11.1 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM DB2 11.5
IBM / DB2
|
cpe:/a:ibm:db2:11.5
|
11.5 | |
|
Hitachi Ops Center <Analyzer 10.9.3-00
Hitachi / Ops Center
|
<Analyzer 10.9.3-00 | ||
|
Hitachi Ops Center
Hitachi / Ops Center
|
cpe:/a:hitachi:ops_center:-
|
— | |
|
Hitachi Ops Center <Viewpoint 10.9.3-00
Hitachi / Ops Center
|
<Viewpoint 10.9.3-00 |
References
11 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um seine Privilegien zu erh\u00f6hen oder einen Denial of Service zu verursachen",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0770 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-0770.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0770 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0770"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6198380 vom 2020-04-23",
"url": "https://www.ibm.com/support/pages/node/6198380"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:2603 vom 2020-06-17",
"url": "https://access.redhat.com/errata/RHSA-2020:2603"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2020:4807 vom 2020-11-04",
"url": "https://access.redhat.com/errata/RHSA-2020:4807"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2021:3225 vom 2021-08-20",
"url": "https://access.redhat.com/errata/RHSA-2021:3225"
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2022-115 vom 2022-05-27",
"url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-115/index.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6605881 vom 2022-07-21",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-have-been-identified-in-ibm-db2-shipped-with-ibm-puredata-system-for-operational-analytics/"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-070 vom 2024-02-03",
"url": "https://www.dell.com/support/kbdoc/000221770/dsa-2024-="
},
{
"category": "external",
"summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-144 vom 2023-10-03",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-144/index.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7153639 vom 2024-05-17",
"url": "https://www.ibm.com/support/pages/node/7153639"
}
],
"source_lang": "en-US",
"title": "IBM DB2: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-05-16T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:32:05.856+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-0770",
"initial_release_date": "2020-04-23T22:00:00.000+00:00",
"revision_history": [
{
"date": "2020-04-23T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2020-06-17T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2020-11-03T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-08-19T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-05-26T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2022-07-20T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-10-03T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von HITACHI aufgenommen"
},
{
"date": "2024-02-04T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-05-16T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "EMC Avamar",
"product": {
"name": "EMC Avamar",
"product_id": "T014381",
"product_identification_helper": {
"cpe": "cpe:/a:emc:avamar:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Ops Center",
"product": {
"name": "Hitachi Ops Center",
"product_id": "T017562",
"product_identification_helper": {
"cpe": "cpe:/a:hitachi:ops_center:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003cAnalyzer 10.9.3-00",
"product": {
"name": "Hitachi Ops Center \u003cAnalyzer 10.9.3-00",
"product_id": "T030196"
}
},
{
"category": "product_version_range",
"name": "\u003cViewpoint 10.9.3-00",
"product": {
"name": "Hitachi Ops Center \u003cViewpoint 10.9.3-00",
"product_id": "T030197"
}
}
],
"category": "product_name",
"name": "Ops Center"
}
],
"category": "vendor",
"name": "Hitachi"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "11.1",
"product": {
"name": "IBM DB2 11.1",
"product_id": "342000",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:11.1"
}
}
},
{
"category": "product_version",
"name": "11.5",
"product": {
"name": "IBM DB2 11.5",
"product_id": "695419",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:11.5"
}
}
}
],
"category": "product_name",
"name": "DB2"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-0001",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2009-0001"
},
{
"cve": "CVE-2014-0114",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2014-0114"
},
{
"cve": "CVE-2014-0193",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2014-0193"
},
{
"cve": "CVE-2014-3488",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2014-3488"
},
{
"cve": "CVE-2015-2156",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2015-2156"
},
{
"cve": "CVE-2016-2402",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2016-2402"
},
{
"cve": "CVE-2017-12972",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2017-12972"
},
{
"cve": "CVE-2017-12973",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2017-12973"
},
{
"cve": "CVE-2017-12974",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2017-12974"
},
{
"cve": "CVE-2017-18640",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2017-18640"
},
{
"cve": "CVE-2017-3734",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2017-3734"
},
{
"cve": "CVE-2017-5637",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2017-5637"
},
{
"cve": "CVE-2018-10237",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2018-10237"
},
{
"cve": "CVE-2018-11771",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2018-11771"
},
{
"cve": "CVE-2018-8009",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2018-8009"
},
{
"cve": "CVE-2018-8012",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2018-8012"
},
{
"cve": "CVE-2019-0201",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-0201"
},
{
"cve": "CVE-2019-10086",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-10086"
},
{
"cve": "CVE-2019-10172",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-10172"
},
{
"cve": "CVE-2019-10202",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-10202"
},
{
"cve": "CVE-2019-12402",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-12402"
},
{
"cve": "CVE-2019-16869",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-16869"
},
{
"cve": "CVE-2019-17195",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-17195"
},
{
"cve": "CVE-2019-17571",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-17571"
},
{
"cve": "CVE-2019-9512",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-9512"
},
{
"cve": "CVE-2019-9514",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-9514"
},
{
"cve": "CVE-2019-9515",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-9515"
},
{
"cve": "CVE-2019-9518",
"notes": [
{
"category": "description",
"text": "In IBM DB2 existieren mehrere Schwachstellen in abh\u00e4ngigen Bibliotheken. Ein entfernter anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service zu verursachen oder seine Rechte zu erweitern."
}
],
"product_status": {
"known_affected": [
"T014381",
"342000",
"67646",
"695419",
"T030196",
"T017562",
"T030197"
]
},
"release_date": "2020-04-23T22:00:00.000+00:00",
"title": "CVE-2019-9518"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…