CVE-2022-23540
PUBLISHED
A vulnerability exists in IBM Integration Bus due to an insecure default algorithm in the "jwt.verify()" function in "Auth0 jsonwebtoken". An authenticated attacker can exploit this to bypass security measures.
EPSS 0.02% · 6.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4 | |
| Gentoo | Gentoo Linux | |
| Atlassian | Atlassian Bitbucket <8.19.25 (LTS) | |
| Red Hat | Red Hat OpenShift Data Foundation <4.13.0 | |
| IBM | IBM Tivoli Business Service Manager 6.2.0 | |
| Red Hat | Red Hat Enterprise Linux Service Interconnect 1 | |
| Red Hat | Red Hat OpenShift Container Platform <4.11.44 | |
| HCL | HCL BigFix | |
| Red Hat | Red Hat OpenShift Container Platform <4.12.22 | |
| Red Hat | Red Hat OpenShift Container Platform <4.14.0 | |
| IBM | IBM Integration Bus 10.0.0.0 - 10.0.0.26 | |
| IBM | IBM MQ 9.2 | |
| Fedora | Fedora Linux | |
| Red Hat | Red Hat OpenShift | |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | |
| Oracle | Oracle Linux | |
| Red Hat | Red Hat OpenShift Container Platform <4.13.4 | |
| IBM | IBM MQ 9.0 | |
| IBM | IBM MQ 9.1 | |
| Red Hat | Red Hat OpenShift Container Platform <4.12.46 | |
…and 5 more
Exploit Intelligence
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- summary.html (github-poc)
- security_jwt_test.go (github-poc)
…and 7 more exploits
Timeline
- Dec 22, 2022 CVE Published
- Dec 23, 2022 EPSS Score
- Jan 18, 2023 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 28, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 27, 2023 EPSS Score
- Jun 7, 2023 EPSS Score
- Jul 19, 2023 EPSS Score
- Aug 29, 2023 EPSS Score
- Oct 10, 2023 EPSS Score
- Nov 20, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0218.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0218 advisory
- https://www.ibm.com/support/pages/node/6890605 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1208.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1208 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-2023-035866b576 advisory
- https://www.ibm.com/support/pages/node/7030667 advisory
- https://www.ibm.com/support/pages/node/7023212 advisory
- https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0104732 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1542.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1542 advisory
- https://access.redhat.com/errata/RHSA-2023:3742 advisory
- https://access.redhat.com/errata/RHSA-2023:3614 advisory
- https://access.redhat.com/errata/RHSA-2023:3615 advisory
- https://access.redhat.com/errata/RHSA-2023:3613 advisory
- https://access.redhat.com/errata/RHSA-2023:3918 advisory
- https://access.redhat.com/errata/RHSA-2023:3943 advisory
- https://access.redhat.com/errata/RHSA-2023:3910 advisory
- https://access.redhat.com/errata/RHSA-2023:3915 advisory
- https://access.redhat.com/errata/RHSA-2023:3925 advisory
…and 42 more