CVE-2022-22332

IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131.Read More ...

Continue Reading
RST Threat feed. IOC: https://shorta.email/libs/php-jwt-main/src/jwt.php

Found **https://shorta[.]email/libs/php-jwt-main/src/jwt...Read More ...

Continue Reading
RST Threat feed. IOC: https://shorta.email/libs/php-jwt-main/src/key.php

Found **https://shorta[.]email/libs/php-jwt-main/src/key...Read More ...

Continue Reading
CVE-2022-22311

IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens.Read Mo ...

Continue Reading
OSS API Firewall Unveils new Feature: Blacklist for Compromised API Tokens and Cookies

Discovering and securing any API is one of the most difficult challenges for developers. The [API security]() landscape is constantly evolving, with new threats and vulnerabilities emerging at a rapid ...

Continue Reading
Security Bulletin: IBM Security Verify Access is vulnerable to obtaining sensitive information due to improper validation of JWT tokens.

## Summary IBM Security Verify Access can be vulnerable to manipulation of JWT tokens and could lead to obtaining sensitive information or possibly change some information. ## Vulnerability Details ** ...

Continue Reading
Validation Bypass

firebase/php-jwt is vulnerable to validation bypass. The vulnerability exists in `decode` and `verify` functions in `JWT.php` because the token validations are not properly handled when multiple keys ...

Continue Reading
CVE-2021-46743

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attack ...

Continue Reading

Back to Main

Subscribe for the latest news: