Microsoft: >> Java Software Development Kit Security Vulnerabilities
An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'.
CVSS Score
9.8
EPSS Score
0.014
Published
2019-03-05
An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive information, aka 'Azure IoT Java SDK Information Disclosure Vulnerability'.
CVSS Score
7.5
EPSS Score
0.033
Published
2019-03-05
A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK.
CVSS Score
5.6
EPSS Score
0.006
Published
2018-09-13
A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This affects C# SDK, C SDK, Java SDK.
CVSS Score
5.6
EPSS Score
0.004
Published
2018-05-09