Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMACDBABA4BEBC098DA37120100F01E67DFD9D6040A03A389FA5C51B8B867A3D91
HistoryDec 14, 2020 - 2:44 a.m.

Security Bulletin: A vulnerability have been identified in jwt-go shipped with IBM Netcool Operations Insight Event Integrations Operator (CVE-2020-26160)

2020-12-1402:44:14
www.ibm.com
9

0.002 Low

EPSS

Percentile

57.0%

JSON

Summary

jwt-go is a dependency shipped with IBM Netcool Operations Insight Event Integrations Operator. Information about the security vulnerability affecting jwt-go has been published. (CVE-2020-26160)

Vulnerability Details

CVEID:CVE-2020-26160
**DESCRIPTION:**jwt-go could allow a remote attacker to bypass security restrictions, caused by a type assertion failure when m[โ€œaudโ€] happens to be []string{}. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189408 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Netcool Operations Insight Event Integrations Operator 1.0.0 up to 1.1.0

Remediation/Fixes

Product(s) Version(s)
IBM Netcool Operations Insight Event Integrations Operator 1.2.0
You can download this package from the IBM Passport Advantage website:

www.ibm.com/software/howtobuy/passportadvantage/pao_customers.htm

To obtain this new package, use the Find by part number field to search for part number:CC8YGML

Workarounds and Mitigations

None

CPENameOperatorVersion
netcool operations insighteq1.6.

Related

osv 4
github 1
cgr 1
ibm 8
veracode 1
debiancve 1
redhat 7
redhatcve 1
cvelist 1
wolfi 1
nvd 1
ubuntucve 1
alpinelinux 1
prion 1
cve 1
osv
osv
CVE-2020-26160
2020-09-30 18:15:27
CGA-6hxx-3pwx-j6mh
2024-06-21 16:22:55
Authorization bypass in github.com/dgrijalva/jwt-go
2021-04-14 20:04:52
github
github
Authorization bypass in github.com/dgrijalva/jwt-go
2021-05-18 21:08:21
cgr
cgr
CVE-2020-26160 vulnerabilities
2024-05-19 03:07:16
ibm
ibm
Security Bulletin: A jwt-go vulnerability affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2020-26160)
2023-01-12 21:59:00
Security Bulletin: IBM Security Guardium Insights is affected by JWT-Go vulnerability (CVE-2020-26160)
2022-02-02 16:08:31
Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Kubernetes.
2023-02-14 21:14:53
veracode
veracode
Authorization Bypass
2020-09-30 00:55:36
debiancve
debiancve
CVE-2020-26160
2020-09-30 18:15:27
redhat
redhat
(RHSA-2021:0516) Moderate: Release of OpenShift Serverless 1.13.0 security update
2021-02-15 14:47:44
(RHSA-2021:5110) Moderate: Cryostat security update
2021-12-14 12:44:18
(RHSA-2021:2042) Moderate: Red Hat OpenShift Container Storage 4.7 RPM security, bug fix, and enhancement update
2021-05-19 09:48:29
redhatcve
redhatcve
CVE-2020-26160
2020-09-30 22:37:10
cvelist
cvelist
CVE-2020-26160
2020-09-30 12:57:10
wolfi
wolfi
CVE-2020-26160 vulnerabilities
2024-07-05 21:08:40
nvd
nvd
CVE-2020-26160
2020-09-30 18:15:27
ubuntucve
ubuntucve
CVE-2020-26160
2020-09-30 00:00:00
alpinelinux
alpinelinux
CVE-2020-26160
2020-09-30 18:15:27
prion
prion
Design/Logic Flaw
2020-09-30 18:15:00
cve
cve
CVE-2020-26160
2020-09-30 18:15:27

0.002 Low

EPSS

Percentile

57.0%

JSON
Related for ACDBABA4BEBC098DA37120100F01E67DFD9D6040A03A389FA5C51B8B867A3D91
osv4github1cgr1ibm8veracode1debiancve1redhat7redhatcve1cvelist1wolfi1nvd1ubuntucve1alpinelinux1prion1cve1