The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Jose4j Project
  • Jose4j
Redhat
  • Apicurio Registry
  • Jboss Enterprise Application Platform
  • Jbosseapxp
  • Openshift Serverless
  • Rhboac Hawtio

Configuration 1 [-]

cpe:2.3:a:jose4j_project:jose4j:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
HawtIO 4.0.0 for Red Hat build of Apache Camel 4
jose4j cpe:/a:redhat:rhboac_hawtio:4.0.0 RHSA-2024:3550 2024-06-03T00:00:00Z
Red Hat build of Apicurio Registry 2.6.1 GA
jose4j cpe:/a:redhat:apicurio_registry:2.6 RHSA-2024:4873 2024-07-25T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7
jose4j cpe:/a:redhat:jboss_enterprise_application_platform:7.4 RHSA-2024:8080 2024-10-14T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-hal-console-0:3.3.24-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 RHSA-2024:8076 2024-10-14T00:00:00Z
eap7-hibernate-validator-0:6.0.23-2.SP1_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 RHSA-2024:8076 2024-10-14T00:00:00Z
eap7-insights-java-client-0:1.1.3-1.redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 RHSA-2024:8076 2024-10-14T00:00:00Z
eap7-ironjacamar-0:1.5.18-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 RHSA-2024:8076 2024-10-14T00:00:00Z
eap7-jboss-cert-helper-0:1.1.3-1.redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 RHSA-2024:8076 2024-10-14T00:00:00Z
eap7-jboss-ejb-client-0:4.0.55-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 RHSA-2024:8076 2024-10-14T00:00:00Z
eap7-jboss-server-migration-0:1.10.0-39.Final_redhat_00039.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 RHSA-2024:8076 2024-10-14T00:00:00Z
eap7-jbossws-cxf-0:5.4.12-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 RHSA-2024:8076 2024-10-14T00:00:00Z
eap7-jsoup-0:1.15.4-1.redhat_00003.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 RHSA-2024:8076 2024-10-14T00:00:00Z
eap7-undertow-jastow-0:2.0.15-1.Final_redhat_00001.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 RHSA-2024:8076 2024-10-14T00:00:00Z
eap7-wildfly-0:7.4.19-1.GA_redhat_00002.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 RHSA-2024:8076 2024-10-14T00:00:00Z
eap7-xalan-j2-0:2.7.1-37.redhat_00015.1.el8eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 RHSA-2024:8076 2024-10-14T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
eap7-hal-console-0:3.3.24-1.Final_redhat_00001.1.el9eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 RHSA-2024:8077 2024-10-14T00:00:00Z
eap7-hibernate-validator-0:6.0.23-2.SP1_redhat_00001.1.el9eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 RHSA-2024:8077 2024-10-14T00:00:00Z
eap7-insights-java-client-0:1.1.3-1.redhat_00001.1.el9eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 RHSA-2024:8077 2024-10-14T00:00:00Z
eap7-ironjacamar-0:1.5.18-1.Final_redhat_00001.1.el9eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 RHSA-2024:8077 2024-10-14T00:00:00Z
eap7-jboss-cert-helper-0:1.1.3-1.redhat_00001.1.el9eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 RHSA-2024:8077 2024-10-14T00:00:00Z
eap7-jboss-ejb-client-0:4.0.55-1.Final_redhat_00001.1.el9eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 RHSA-2024:8077 2024-10-14T00:00:00Z
eap7-jboss-server-migration-0:1.10.0-39.Final_redhat_00039.1.el9eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 RHSA-2024:8077 2024-10-14T00:00:00Z
eap7-jbossws-cxf-0:5.4.12-1.Final_redhat_00001.1.el9eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 RHSA-2024:8077 2024-10-14T00:00:00Z
eap7-jsoup-0:1.15.4-1.redhat_00003.1.el9eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 RHSA-2024:8077 2024-10-14T00:00:00Z
eap7-undertow-jastow-0:2.0.15-1.Final_redhat_00001.1.el9eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 RHSA-2024:8077 2024-10-14T00:00:00Z
eap7-wildfly-0:7.4.19-1.GA_redhat_00002.1.el9eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 RHSA-2024:8077 2024-10-14T00:00:00Z
eap7-xalan-j2-0:2.7.1-37.redhat_00015.1.el9eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 RHSA-2024:8077 2024-10-14T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-hal-console-0:3.3.24-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 RHSA-2024:8075 2024-10-14T00:00:00Z
eap7-hibernate-validator-0:6.0.23-2.SP1_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 RHSA-2024:8075 2024-10-14T00:00:00Z
eap7-insights-java-client-0:1.1.3-1.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 RHSA-2024:8075 2024-10-14T00:00:00Z
eap7-ironjacamar-0:1.5.18-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 RHSA-2024:8075 2024-10-14T00:00:00Z
eap7-jboss-cert-helper-0:1.1.3-1.redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 RHSA-2024:8075 2024-10-14T00:00:00Z
eap7-jboss-ejb-client-0:4.0.55-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 RHSA-2024:8075 2024-10-14T00:00:00Z
eap7-jboss-server-migration-0:1.10.0-39.Final_redhat_00039.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 RHSA-2024:8075 2024-10-14T00:00:00Z
eap7-jbossws-cxf-0:5.4.12-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 RHSA-2024:8075 2024-10-14T00:00:00Z
eap7-jsoup-0:1.15.4-1.redhat_00003.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 RHSA-2024:8075 2024-10-14T00:00:00Z
eap7-undertow-jastow-0:2.0.15-1.Final_redhat_00001.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 RHSA-2024:8075 2024-10-14T00:00:00Z
eap7-wildfly-0:7.4.19-1.GA_redhat_00002.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 RHSA-2024:8075 2024-10-14T00:00:00Z
eap7-xalan-j2-0:2.7.1-37.redhat_00015.1.el7eap cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 RHSA-2024:8075 2024-10-14T00:00:00Z
Red Hat JBoss Enterprise Application Platform 8
jose4j cpe:/a:redhat:jboss_enterprise_application_platform:8.0 RHSA-2024:4392 2024-07-08T00:00:00Z
Red Hat JBoss Enterprise Application Platform Expansion Pack
cpe:/a:redhat:jbosseapxp RHSA-2024:4386 2024-07-08T00:00:00Z
RHOSS-1.33-RHEL-8
openshift-serverless-1/logic-data-index-ephemeral-rhel8:1.33.0-5 cpe:/a:redhat:openshift_serverless:1.33::el8 RHSA-2024:4057 2024-06-24T00:00:00Z
openshift-serverless-1/logic-data-index-postgresql-rhel8:1.33.0-5 cpe:/a:redhat:openshift_serverless:1.33::el8 RHSA-2024:4057 2024-06-24T00:00:00Z
openshift-serverless-1/logic-jobs-service-ephemeral-rhel8:1.33.0-5 cpe:/a:redhat:openshift_serverless:1.33::el8 RHSA-2024:4057 2024-06-24T00:00:00Z
openshift-serverless-1/logic-jobs-service-postgresql-rhel8:1.33.0-5 cpe:/a:redhat:openshift_serverless:1.33::el8 RHSA-2024:4057 2024-06-24T00:00:00Z
openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8:1.33.0-5 cpe:/a:redhat:openshift_serverless:1.33::el8 RHSA-2024:4057 2024-06-24T00:00:00Z
openshift-serverless-1/logic-operator-bundle:1.33.0-5 cpe:/a:redhat:openshift_serverless:1.33::el8 RHSA-2024:4057 2024-06-24T00:00:00Z
openshift-serverless-1/logic-rhel8-operator:1.33.0-3 cpe:/a:redhat:openshift_serverless:1.33::el8 RHSA-2024:4057 2024-06-24T00:00:00Z
openshift-serverless-1/logic-swf-builder-rhel8:1.33.0-5 cpe:/a:redhat:openshift_serverless:1.33::el8 RHSA-2024:4057 2024-06-24T00:00:00Z
openshift-serverless-1/logic-swf-devmode-rhel8:1.33.0-5 cpe:/a:redhat:openshift_serverless:1.33::el8 RHSA-2024:4057 2024-06-24T00:00:00Z
References
Link Providers
https://bitbucket.org/b_c/jose4j/issues/212 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-51775 cve-icon
https://security.netapp.com/advisory/ntap-20241108-0002/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-51775 cve-icon
History

Tue, 04 Nov 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 03 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Thu, 08 May 2025 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Jose4j Project
Jose4j Project jose4j
CPEs cpe:2.3:a:jose4j_project:jose4j:*:*:*:*:*:*:*:*
Vendors & Products Jose4j Project
Jose4j Project jose4j

Wed, 16 Oct 2024 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:7.4
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9

Wed, 14 Aug 2024 20:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-25T00:00:00.000Z

Updated: 2025-11-03T21:50:19.303Z

Reserved: 2023-12-25T00:00:00.000Z

Link: CVE-2023-51775

cve-icon Vulnrichment

Updated: 2025-11-03T21:50:19.303Z

cve-icon NVD

Status : Modified

Published: 2024-02-29T01:42:05.637

Modified: 2025-11-03T22:16:31.180

Link: CVE-2023-51775

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-02-29T00:00:00Z

Links: CVE-2023-51775 - Bugzilla