Vulnerabilities > Amazon > Amazon WEB Services Internet OF Things Device Software Development KIT V2 > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-23 CVE-2021-40828 Improper Certificate Validation vulnerability in Amazon products
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows.
low complexity
amazon CWE-295
8.8
2021-11-23 CVE-2021-40829 Improper Certificate Validation vulnerability in Amazon web Services Internet of Things Device Software Development KIT V2
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS.
low complexity
amazon CWE-295
8.8
2021-11-23 CVE-2021-40830 Improper Certificate Validation vulnerability in Amazon products
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems.
low complexity
amazon CWE-295
8.8
2021-11-23 CVE-2021-40831 Improper Certificate Validation vulnerability in Amazon products
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems.
network
low complexity
amazon CWE-295
7.2