KB Article #178961
nimbus-jose-jwt-4.27 vulnerabilities CVE-2017-12972, CVE-2017-12973, CVE-2017-12974
Problem
-- Is API Gateway vulnerable to CVE-2017-12972, CVE-2017-12973 and CVE-2017-12974 (related to the third-party component nimbus-jose-jwt-4.27)?
https://nvd.nist.gov/vuln/detail/CVE-2017-12972 - CVSS score 7.5
https://nvd.nist.gov/vuln/detail/CVE-2017-12973 - CVSS score 3.1
https://nvd.nist.gov/vuln/detail/CVE-2017-12974 - CVSS score 7.5
Resolution
* API Gateway is vulnerable. The fix will be delivered in 7.5.3_SP4.
* If this component is used in a custom configuration (script filter), that configuration will need to be reviewed and eventually modified. Documentation will be updated accordingly.