vulnerability
Oracle WebLogic: CVE-2019-17195 : Critical Patch Update
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Oct 15, 2019 | Jan 19, 2021 | Jan 19, 2021 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Oct 15, 2019
Added
Jan 19, 2021
Modified
Jan 19, 2021
Description
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
Solution(s)
oracle-weblogic-jan-2021-cpu-12_2_1_3_0oracle-weblogic-jan-2021-cpu-12_2_1_4_0

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.