CVE-2019-0729

Опубликовано: 05 мар. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'.

Ссылки

http://www.securityfocus.com/bid/106966
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0729
Patch
Vendor Advisory
http://www.securityfocus.com/bid/106966
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0729
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microsoft:java_software_development_kit:-:*:*:*:*:azure_internet_of_things:*:*

EPSS

Процентиль: 80%

0.01415

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-330

Связанные уязвимости

CVE-2019-0729

msrc

больше 6 лет назад

Azure IoT Java SDK Elevation of Privilege Vulnerability

GHSA-62f9-2v42-4h92