Amazon Web Services Internet Of Things Device Software Development Kit V2 Security Vulnerabilities and Issues — Amazon Web Services Internet Of Things Device Software Development Kit V2 CVE List

Lucene search

AmazonAmazon Web Services Internet Of Things Device Software Development Kit V2

4 matches found

CVE•added 2021/11/23 12:15 a.m.•86 views

CVE-2021-40829

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA...

8.8CVSS7.2AI score0.00102EPSS

CVE•added 2021/11/23 12:15 a.m.•82 views

CVE-2021-40828

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (C...

8.8CVSS7.2AI score0.00102EPSS

CVE•added 2021/11/23 12:15 a.m.•79 views

CVE-2021-40830

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store....

8.8CVSS7.2AI score0.00103EPSS

CVE•added 2021/11/23 12:15 a.m.•69 views

CVE-2021-40831

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes will thus succeed if the peer ...

7.2CVSS6.3AI score0.00278EPSS