Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
The product does not validate or incorrectly validates the integrity check values or “checksums” of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Nimbus_jose+jwt | Connect2id | 1.9.1 | 1.9.1 |
Nimbus_jose+jwt | Connect2id | 4.0 | 4.0 |
Nimbus_jose+jwt | Connect2id | 2.6 | 2.6 |
Nimbus_jose+jwt | Connect2id | 1.4 | 1.4 |
Nimbus_jose+jwt | Connect2id | 4.3 | 4.3 |
Nimbus_jose+jwt | Connect2id | 2.1 | 2.1 |
Nimbus_jose+jwt | Connect2id | 2.16 | 2.16 |
Nimbus_jose+jwt | Connect2id | 2.19 | 2.19 |
Nimbus_jose+jwt | Connect2id | 2.10.1 | 2.10.1 |
Nimbus_jose+jwt | Connect2id | 4.34.2 | 4.34.2 |
Nimbus_jose+jwt | Connect2id | 1.7 | 1.7 |
Nimbus_jose+jwt | Connect2id | 4.17 | 4.17 |
Nimbus_jose+jwt | Connect2id | 1.10 | 1.10 |
Nimbus_jose+jwt | Connect2id | 2.22 | 2.22 |
Nimbus_jose+jwt | Connect2id | 4.31.1 | 4.31.1 |
Nimbus_jose+jwt | Connect2id | 2.25 | 2.25 |
Nimbus_jose+jwt | Connect2id | 4.1.1 | 4.1.1 |
Nimbus_jose+jwt | Connect2id | 4.6 | 4.6 |
Nimbus_jose+jwt | Connect2id | 3.4 | 3.4 |
Nimbus_jose+jwt | Connect2id | 4.24 | 4.24 |
Nimbus_jose+jwt | Connect2id | 2.13.0 | 2.13.0 |
Nimbus_jose+jwt | Connect2id | 2.15.2 | 2.15.2 |
Nimbus_jose+jwt | Connect2id | 4.8 | 4.8 |
Nimbus_jose+jwt | Connect2id | 4.35 | 4.35 |
Nimbus_jose+jwt | Connect2id | 1.9 | 1.9 |
Nimbus_jose+jwt | Connect2id | 3.2.1 | 3.2.1 |
Nimbus_jose+jwt | Connect2id | 2.20 | 2.20 |
Nimbus_jose+jwt | Connect2id | 2.1.1 | 2.1.1 |
Nimbus_jose+jwt | Connect2id | 3.5 | 3.5 |
Nimbus_jose+jwt | Connect2id | 1.5 | 1.5 |
Nimbus_jose+jwt | Connect2id | 2.17.2 | 2.17.2 |
Nimbus_jose+jwt | Connect2id | 4.37 | 4.37 |
Nimbus_jose+jwt | Connect2id | 4.38 | 4.38 |
Nimbus_jose+jwt | Connect2id | 2.4 | 2.4 |
Nimbus_jose+jwt | Connect2id | 3.1 | 3.1 |
Nimbus_jose+jwt | Connect2id | 4.9 | 4.9 |
Nimbus_jose+jwt | Connect2id | 2.24 | 2.24 |
Nimbus_jose+jwt | Connect2id | 3.6 | 3.6 |
Nimbus_jose+jwt | Connect2id | 2.10 | 2.10 |
Nimbus_jose+jwt | Connect2id | 4.10 | 4.10 |
Nimbus_jose+jwt | Connect2id | 3.10 | 3.10 |
Nimbus_jose+jwt | Connect2id | 2.17 | 2.17 |
Nimbus_jose+jwt | Connect2id | 4.34 | 4.34 |
Nimbus_jose+jwt | Connect2id | 4.27.1 | 4.27.1 |
Nimbus_jose+jwt | Connect2id | 3.7 | 3.7 |
Nimbus_jose+jwt | Connect2id | 1.1 | 1.1 |
Nimbus_jose+jwt | Connect2id | 4.13.1 | 4.13.1 |
Nimbus_jose+jwt | Connect2id | 4.27 | 4.27 |
Nimbus_jose+jwt | Connect2id | 2.18.1 | 2.18.1 |
Nimbus_jose+jwt | Connect2id | 4.16.1 | 4.16.1 |
Nimbus_jose+jwt | Connect2id | 4.21 | 4.21 |
Nimbus_jose+jwt | Connect2id | 4.19 | 4.19 |
Nimbus_jose+jwt | Connect2id | 2.12.0 | 2.12.0 |
Nimbus_jose+jwt | Connect2id | 1.8 | 1.8 |
Nimbus_jose+jwt | Connect2id | 2.18 | 2.18 |
Nimbus_jose+jwt | Connect2id | 4.15 | 4.15 |
Nimbus_jose+jwt | Connect2id | 4.12 | 4.12 |
Nimbus_jose+jwt | Connect2id | 4.2 | 4.2 |
Nimbus_jose+jwt | Connect2id | 1.11 | 1.11 |
Nimbus_jose+jwt | Connect2id | 3.8.2 | 3.8.2 |
Nimbus_jose+jwt | Connect2id | 2.14 | 2.14 |
Nimbus_jose+jwt | Connect2id | 1.2 | 1.2 |
Nimbus_jose+jwt | Connect2id | 1.6 | 1.6 |
Nimbus_jose+jwt | Connect2id | 4.36.1 | 4.36.1 |
Nimbus_jose+jwt | Connect2id | 2.19.1 | 2.19.1 |
Nimbus_jose+jwt | Connect2id | 2.3 | 2.3 |
Nimbus_jose+jwt | Connect2id | 3.9.1 | 3.9.1 |
Nimbus_jose+jwt | Connect2id | 2.23 | 2.23 |
Nimbus_jose+jwt | Connect2id | 4.13 | 4.13 |
Nimbus_jose+jwt | Connect2id | 4.14 | 4.14 |
Nimbus_jose+jwt | Connect2id | 4.33 | 4.33 |
Nimbus_jose+jwt | Connect2id | 4.37.1 | 4.37.1 |
Nimbus_jose+jwt | Connect2id | 2.7 | 2.7 |
Nimbus_jose+jwt | Connect2id | 4.11.1 | 4.11.1 |
Nimbus_jose+jwt | Connect2id | 4.5 | 4.5 |
Nimbus_jose+jwt | Connect2id | 3.2 | 3.2 |
Nimbus_jose+jwt | Connect2id | 2.0.1 | 2.0.1 |
Nimbus_jose+jwt | Connect2id | 2.9 | 2.9 |
Nimbus_jose+jwt | Connect2id | 4.34.1 | 4.34.1 |
Nimbus_jose+jwt | Connect2id | 3.1.2 | 3.1.2 |
Nimbus_jose+jwt | Connect2id | 3.0 | 3.0 |
Nimbus_jose+jwt | Connect2id | 2.26.1 | 2.26.1 |
Nimbus_jose+jwt | Connect2id | 4.4 | 4.4 |
Nimbus_jose+jwt | Connect2id | 2.0 | 2.0 |
Nimbus_jose+jwt | Connect2id | 4.20 | 4.20 |
Nimbus_jose+jwt | Connect2id | 3.2.2 | 3.2.2 |
Nimbus_jose+jwt | Connect2id | 1.3 | 1.3 |
Nimbus_jose+jwt | Connect2id | 4.23 | 4.23 |
Nimbus_jose+jwt | Connect2id | 4.29 | 4.29 |
Nimbus_jose+jwt | Connect2id | 4.30 | 4.30 |
Nimbus_jose+jwt | Connect2id | 2.11.0 | 2.11.0 |
Nimbus_jose+jwt | Connect2id | 3.9.2 | 3.9.2 |
Nimbus_jose+jwt | Connect2id | 4.3.1 | 4.3.1 |
Nimbus_jose+jwt | Connect2id | 4.16 | 4.16 |
Nimbus_jose+jwt | Connect2id | 1.0 | 1.0 |
Nimbus_jose+jwt | Connect2id | 2.21 | 2.21 |
Nimbus_jose+jwt | Connect2id | 1.12 | 1.12 |
Nimbus_jose+jwt | Connect2id | 4.16.2 | 4.16.2 |
Nimbus_jose+jwt | Connect2id | 2.15 | 2.15 |
Nimbus_jose+jwt | Connect2id | 2.15.1 | 2.15.1 |
Nimbus_jose+jwt | Connect2id | 3.8 | 3.8 |
Nimbus_jose+jwt | Connect2id | 4.26.1 | 4.26.1 |
Nimbus_jose+jwt | Connect2id | 2.5 | 2.5 |
Nimbus_jose+jwt | Connect2id | 4.15.1 | 4.15.1 |
Nimbus_jose+jwt | Connect2id | 4.32 | 4.32 |
Nimbus_jose+jwt | Connect2id | 4.22 | 4.22 |
Nimbus_jose+jwt | Connect2id | 2.2 | 2.2 |
Nimbus_jose+jwt | Connect2id | 2.13.1 | 2.13.1 |
Nimbus_jose+jwt | Connect2id | 3.3 | 3.3 |
Nimbus_jose+jwt | Connect2id | 2.26 | 2.26 |
Nimbus_jose+jwt | Connect2id | 2.18.2 | 2.18.2 |
Nimbus_jose+jwt | Connect2id | 3.8.1 | 3.8.1 |
Nimbus_jose+jwt | Connect2id | 3.1.1 | 3.1.1 |
Nimbus_jose+jwt | Connect2id | 4.25 | 4.25 |
Nimbus_jose+jwt | Connect2id | 2.22.1 | 2.22.1 |
Nimbus_jose+jwt | Connect2id | 4.31 | 4.31 |
Nimbus_jose+jwt | Connect2id | 4.11 | 4.11 |
Nimbus_jose+jwt | Connect2id | 4.11.2 | 4.11.2 |
Nimbus_jose+jwt | Connect2id | 4.7 | 4.7 |
Nimbus_jose+jwt | Connect2id | 4.18 | 4.18 |
Nimbus_jose+jwt | Connect2id | 4.26 | 4.26 |
Nimbus_jose+jwt | Connect2id | 3.9 | 3.9 |
Nimbus_jose+jwt | Connect2id | 2.17.1 | 2.17.1 |
Nimbus_jose+jwt | Connect2id | 2.8 | 2.8 |
Nimbus_jose+jwt | Connect2id | 4.1 | 4.1 |
Nimbus_jose+jwt | Connect2id | 4.0.1 | 4.0.1 |
Nimbus_jose+jwt | Connect2id | 4.28 | 4.28 |