CVE-2020-16971: Azure SDK for Java Security Feature Bypass Vulnerability
Overview
- Severity: High (CVSS 7.4)
- CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
- Category: Elevation of Privilege
- Exploit Status: Not Exploited
- Exploitation Likelihood: Less Likely
- Patch Tuesday: 2020-Dec
- Released: 2020-12-08
- Last Updated: 2024-10-16
- EPSS Score: 2.30% (percentile: 84.7%)
Affected Products (3)
Azure
- Azure SDK for Java
- azure-core-amqp on Azure SDK for Java
- azure-eventhubs on Azure SDK for Java
Security Updates (3)
Acknowledgments
Aapo Oksman of Nixu Cybersecurity (https://www.nixu.com/)
Revision History
- 2020-12-08: Information published.
- 2024-10-16: In the Security Updates table, added the azure-core-amqp and azure-eventhubs packages, both installed in Azure SDK for Java, as they are also affected by this vulnerability. Microsoft strongly recommends that customers install the updates published Oct 2020 linked in the Security Updates table to be fully protected from the vulnerability. Customers who are using package versions higher than the fixed build specified in the Security Updates table are protected and do not need to take any further action.