AWS Encryption SDK for Java Improper Verification of Cryptographic Signature

Go back

severity: medium
date: January 19, 2024
Affecting: AWS Encryption SDK for Java versions starting at 2.0.0 up to 2.2.0
AWS Encryption SDK for Java versions less than 1.9.0
CVE: CVE-2024-23680
CVE type: Improper Verification of Cryptographic Signature
CVSS: 5.9
CVSS V3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
References: Vendor Advisory
Third Party Advisory