CVE-2021-40828
- EPSS 0.1%
- Published 23.11.2021 00:15:07
- Last modified 21.11.2024 06:24:51
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS han...
CVE-2021-40830
- EPSS 0.1%
- Published 23.11.2021 00:15:07
- Last modified 21.11.2024 06:24:52
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user...
CVE-2021-40831
- EPSS 0.28%
- Published 23.11.2021 00:15:07
- Last modified 21.11.2024 06:24:52
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridde...