CWE
755 248
Advisory Published
CVE Published
Updated

CVE-2019-17195

First published: Tue Oct 15 2019(Updated: )

A flaw was found in Connect2id Nimbus JOSE+JWT prior to version 7.9. While processing JSON web tokens (JWT), nimbus-jose-jwt can throw various uncaught exceptions resulting in an application crash, information disclosure, or authentication bypass. The highest threat from this vulnerability is to data confidentiality and system availability.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
redhat/apache-commons-beanutils<0:1.8.3-15.el7_7
0:1.8.3-15.el7_7
redhat/ovirt-engine-extension-aaa-misc<0:1.0.4-1.el7e
0:1.0.4-1.el7e
redhat/ovirt-fast-forward-upgrade<0:1.0.0-17.el7e
0:1.0.0-17.el7e
redhat/rhvm-dependencies<0:4.3.2-1.el7e
0:4.3.2-1.el7e
redhat/nimbus-jose-jwt<7.9
7.9
IBM Pub<=7.0.1
IBM Pub<=7.0.2
IBM Pub<=7.0
IBM Engineering Requirements Quality Assistant<=All
IBM Rational DOORS Next Generation<=7.0.2
IBM Rational DOORS Next Generation<=7.0
IBM Rational DOORS Next Generation<=7.0.1
IBM Engineering Lifecycle Management<=6.0.6.1
IBM Engineering Lifecycle Management<=6.0.6
IBM Engineering Lifecycle Management (ELM)<=7.0.2
IBM Engineering Lifecycle Management (ELM)<=7.0
IBM Engineering Lifecycle Management (ELM)<=7.0.1
IBM Engineering Workflow Management (EWM)<=7.0.2
IBM Engineering Workflow Management (EWM)<=7.0.1
IBM Rational Team Concert<=6.0.6.1
IBM Engineering Workflow Management (EWM)<=7.0
IBM Rational Team Concert<=6.0.6
Connect2id Nimbus JOSE+JWT<7.9
Apache Hadoop=3.2.1
Oracle Communications Cloud Native Core Network Repository Function=1.7.0
Oracle Communications Pricing Design Center=12.0.0.3.0
Oracle Data Integrator=12.2.1.4.0
Oracle Enterprise Manager=13.4.0.0
Oracle Healthcare Data Repository=8.1.0
Oracle Insurance Policy Administration>=11.0<=11.3.1
Oracle JD Edwards EnterpriseOne Orchestrator<=9.2.5.3
Oracle JD Edwards EnterpriseOne Tools<=9.2.5.3
Oracle PeopleTools=8.58
Oracle PeopleTools=8.59
Oracle Policy Automation>=12.2.0<=12.2.22
Oracle Primavera Gateway>=18.8.0<=18.8.11
Oracle Primavera Gateway=19.12.0
Oracle Solaris Cluster=4.0
Oracle WebLogic Server=12.2.1.3.0
Oracle WebLogic Server=12.2.1.4.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2019-17195?

    CVE-2019-17195 is a vulnerability found in Connect2id Nimbus JOSE+JWT prior to version 7.9.

  • What is the severity of CVE-2019-17195?

    The severity of CVE-2019-17195 is critical with a CVSS score of 9.8.

  • How does CVE-2019-17195 affect Connect2id Nimbus JOSE+JWT?

    CVE-2019-17195 can result in an application crash, information disclosure, or authentication bypass.

  • How can I fix CVE-2019-17195?

    To fix CVE-2019-17195, update Connect2id Nimbus JOSE+JWT to version 7.9.

  • Where can I find more information about CVE-2019-17195?

    You can find more information about CVE-2019-17195 at the following references: [link1], [link2], [link3].

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203