CVE-2019-0729
Summary
| CVE | CVE-2019-0729 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-03-05 23:29:00 UTC |
| Updated | 2021-07-21 11:39:00 UTC |
| Description | An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'. |
Risk And Classification
Problem Types: CWE-330
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Java Software Development Kit | - | All | All | All |
| Application | Microsoft | Java Software Development Kit | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Microsoft Azure IoT Java SDK CVE-2019-0729 Remote Privilege Escalation Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0729 | CONFIRM | portal.msrc.microsoft.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.