It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user. This is happening only in the situation when zOSMF doesn't ...
January 18, 2023
# CVE-2022-23540 In versions ` ...
January 17, 2023
# CVE-2022-23529 The JSON Web Token (JWT) library versions prio...
January 16, 2023
# Description `PUT /api/v1/users/{id}` API doesn't properly check the authorization. # Proof of Concept 1. [admin] Enable user registration functionality. 2. [user] Register new user and login as them. ...
January 14, 2023
Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker ...
January 14, 2023
## Summary A vulnerability in jwt-go affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see below for steps to address this issue. ## Vulnerability Details ** CVEID: **[CV ...
January 13, 2023
## Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructi ...
January 12, 2023
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A new high-severity vulnerability named CVE-2022-23529 has been discovered in the popular JsonWebTo ...
January 10, 2023