4 matches found
CVE-2018-8119
The CVE-2018-8119 entry describes a spoofing vulnerability in the Azure IoT Device Provisioning AMQP Transport library, where certificate validation over AMQP is improper. Affected are the Azure IoT C#, C, and Java SDKs (Device Provisioning AMQP Transport) and the vulnerability enables impersonat...
CVE-2018-8479
Azure IoT SDK Spoofing Vulnerability (CVE-2018-8479) affects the C SDK for Azure IoT Device Provisioning on Windows using the HTTP transport. The root cause is improper validation of HTTP certificates in the transport library, enabling potential server impersonation via spoofing/MITM during provi...
CVE-2019-0729
The CVE-2019-0729 entry concerns Microsoft Azure IoT Java SDK. The connected MSRC advisory specifies the root cause as improper randomness in symmetric key generation, enabling an attacker to derive/predict the generated keys and gain elevated privileges. Affected component: Azure IoT Java SDK (k...
CVE-2019-0741
The CVE-2019-0741 entry describes an information-disclosure vulnerability in the Microsoft Azure IoT Java SDK where sensitive user data is logged. Affected component/file: the Java SDK’s logging of sensitive information. Root cause: logs may contain confidential data if logs are exposed, enabling...