Amazon S3 Encryption Client for Java < 4.0.0 Key Commitment (AWS-2025-032)

The version of Amazon S3 Encryption Client for Java on the remote host is 4.0.0. It is, therefore, affected by a key commitment vulnerability as referenced in the AWS-2025-032 advisory. Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write...

SUSE CVE-2025-14764

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigat...