Lucene search
K
MicrosoftJava Software Development Kit

4 matches found

CVE
CVE
added 2018/05/09 7:0 p.m.111 views

CVE-2018-8119

The CVE-2018-8119 entry describes a spoofing vulnerability in the Azure IoT Device Provisioning AMQP Transport library, where certificate validation over AMQP is improper. Affected are the Azure IoT C#, C, and Java SDKs (Device Provisioning AMQP Transport) and the vulnerability enables impersonat...

6.8CVSS5.5AI score0.01098EPSS
CVE
CVE
added 2018/09/13 12:0 a.m.81 views

CVE-2018-8479

Azure IoT SDK Spoofing Vulnerability (CVE-2018-8479) affects the C SDK for Azure IoT Device Provisioning on Windows using the HTTP transport. The root cause is improper validation of HTTP certificates in the transport library, enabling potential server impersonation via spoofing/MITM during provi...

6.8CVSS5.7AI score0.02131EPSS
CVE
CVE
added 2019/03/06 12:0 a.m.70 views

CVE-2019-0729

The CVE-2019-0729 entry concerns Microsoft Azure IoT Java SDK. The connected MSRC advisory specifies the root cause as improper randomness in symmetric key generation, enabling an attacker to derive/predict the generated keys and gain elevated privileges. Affected component: Azure IoT Java SDK (k...

9.8CVSS9.3AI score0.03129EPSS
CVE
CVE
added 2019/03/06 12:0 a.m.61 views

CVE-2019-0741

The CVE-2019-0741 entry describes an information-disclosure vulnerability in the Microsoft Azure IoT Java SDK where sensitive user data is logged. Affected component/file: the Java SDK’s logging of sensitive information. Root cause: logs may contain confidential data if logs are exposed, enabling...

7.5CVSS7AI score0.07351EPSS