5.3
CVE-2024-23680
- EPSS 0.13%
- Veröffentlicht 19.01.2024 21:15:10
- Zuletzt bearbeitet 29.11.2025 02:15:51
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginAWS Encryption SDK for Java Improper Verification of Cryptographic Signature
AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Amazon ≫ Aws Encryption Sdk Version < 1.9.0
Amazon ≫ Aws Encryption Sdk Version >= 2.0.0 < 2.2.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.318 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-347 Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.