CVE-2019-17195
published 2019-10-15CVE-2019-17195: Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | hadoop | — | — |
| connect2id | nimbus_jose_+jwt | < 7.9 | 7.9 |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | — | — |
| oracle | communications_pricing_design_center | — | — |
| oracle | data_integrator | — | — |
| oracle | enterprise_manager_base_platform | — | — |
| oracle | healthcare_data_repository | — | — |
| oracle | insurance_policy_administration | 11.0 – 11.3.1 | — |
| oracle | jd_edwards_enterpriseone_orchestrator | <= 9.2.5.3 | — |
| oracle | jd_edwards_enterpriseone_tools | <= 9.2.5.3 | — |
| oracle | peoplesoft_enterprise_peopletools | — | — |
| oracle | peoplesoft_enterprise_peopletools | — | — |
| oracle | policy_automation | 12.2.0 – 12.2.22 | — |
| oracle | primavera_gateway | — | — |
| oracle | primavera_gateway | 18.8.0 – 18.8.11 | — |
| oracle | solaris_cluster | — | — |
| oracle | weblogic_server | — | — |
| oracle | weblogic_server | — | — |