Vulnerabilities > Amazon > Amazon WEB Services AWS C IO > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-23 CVE-2021-40828 Improper Certificate Validation vulnerability in Amazon products
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows.
low complexity
amazon CWE-295
8.8
8.8
2021-11-23 CVE-2021-40830 Improper Certificate Validation vulnerability in Amazon products
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems.
low complexity
amazon CWE-295
8.8
8.8
2021-11-23 CVE-2021-40831 Improper Certificate Validation vulnerability in Amazon products
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems.
network
low complexity
amazon CWE-295
7.2
7.2