Описание
Azure IoT Java SDK Information Disclosure Vulnerability
An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive information. An attacker can exploit this vulnerability if a user has exposed the logs on the internet (or an attacker was able to get the logs) and can use this information to compromise the device.
This update addresses this vulnerability by not storing sensitive information in the logs.
FAQ
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is device information like resource ids, sas tokens, user properties, and other sensitive information.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Связанные уязвимости
An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive information, aka 'Azure IoT Java SDK Information Disclosure Vulnerability'.
An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive information, aka 'Azure IoT Java SDK Information Disclosure Vulnerability'.
EPSS