Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| connect2id | nimbus_jose\+jwt | 7.9 | - |
| apache | hadoop | - | - |
| oracle | communications_cloud_native_core_security_edge_protection_proxy |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
18
Affected Products
32
References
connect2id / nimbus_jose\+jwt
| - |
| - |
| oracle | communications_pricing_design_center | - | - |
| oracle | data_integrator | - | - |
| oracle | enterprise_manager_base_platform | - | - |
| oracle | healthcare_data_repository | - | - |
| oracle | insurance_policy_administration | 11.0 - 11.3.1 | - |
| oracle | jd_edwards_enterpriseone_orchestrator | 9.2.5.3 | - |
| oracle | jd_edwards_enterpriseone_tools | 9.2.5.3 | - |
| oracle | peoplesoft_enterprise_peopletools | - | - |
| oracle | peoplesoft_enterprise_peopletools | - | - |
| oracle | policy_automation | 12.2.0 - 12.2.22 | - |
| oracle | primavera_gateway | 18.8.0 - 18.8.11 | - |
| oracle | primavera_gateway | - | - |
| oracle | solaris_cluster | - | - |
| oracle | weblogic_server | - | - |
| oracle | weblogic_server | - | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability
Impact