Vulnerable Library - bc-fips-2.1.2.jar
The BC-FJA 2.1.* series is a FIPS 140-3 certified Java implementation with additional Intel native hardware support for AES-NI and SHA-256 where supported. The package has been certified to FIPS 140-3 level 1. This jar contains JCE provider and low-level API for the BC-FJA version 2.1.2, a patched version of BC-FJA-2.1.0, interim FIPS Certificate #4943. Please see certificate for certified platform details.
Library home page: https://www.bouncycastle.org/download/bouncy-castle-java-fips/
Path to vulnerable library: /dgrv4_Gateway_serv/libsext/bc-fips-2.1.2.jar
Vulnerabilities
| Vulnerability | Severity | CVSS | Dependency | Type | Fixed in (bc-fips version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-8149 | Medium | 4.0 | bc-fips-2.1.2.jar | Direct | N/A | ❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2026-8149
Dependency Hierarchy:
- ❌ bc-fips-2.1.2.jar (Vulnerable Library)
Found in base branch: main
Vulnerability Details
A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X86_64, AVX, AVX-512f.
This vulnerability is associated with program files gcm128w, gcm512w.
This issue affects BC-LTS: from 2.73.0 before 2.73.11.
Publish Date: 2026-05-08
URL: CVE-2026-8149
CVSS 3 Score Details (4.0)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: Low