Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Hadoop
APPApache3.2.1Connect2id Nimbus Jose\+jwt
APPConnect2Id< 7.9Oracle Communications Cloud Native Core Security Edge Protection Proxy
APPOracle1.7.0Oracle Communications Pricing Design Center
APPOracle12.0.0.3.0Oracle Data Integrator
APPOracle12.2.1.4.0Oracle Enterprise Manager Base Platform
APPOracle13.4.0.0Oracle Healthcare Data Repository
APPOracle8.1.0Oracle Insurance Policy Administration
APPOracle11.0 – 11.3.1Oracle Jd Edwards Enterpriseone Orchestrator
APPOracle≤ 9.2.5.3Oracle Jd Edwards Enterpriseone Tools
APPOracle≤ 9.2.5.3Oracle Peoplesoft Enterprise Peopletools
APPOracle8.588.59Oracle Policy Automation
APPOracle12.2.0 – 12.2.22Oracle Primavera Gateway
APPOracle19.12.018.8.0 – 18.8.11Oracle Solaris Cluster
APPOracle4.0Oracle Weblogic Server
APPOracle12.2.1.3.012.2.1.4.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje
Powiązane podatności
CVE-2026-35273CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Pominięcie uwierzytelnienia w Oracle PeopleSoft PeopleTools (RCE/Takeover)
CVE-2022-22963CRITICAL9.8⚠ KEVten sam produkt
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...
CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...
CVE-2022-22947CRITICAL10.0⚠ KEVten sam produkt
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection ...
CVE-2021-42013CRITICAL9.8⚠ KEVten sam produkt
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could ...