AWS-2023-001
AWS Bulletin2023-04-25
Issue With IAM Supporting Multiple MFA Devices
Every advisory below is enriched with the Vulnetix VDB exploit-intelligence chip (hover a CVE ID in the interactive page to see CVSS, EPSS, KEV status, and PoC maturity).
Issue With IAM Supporting Multiple MFA Devices
ALAS-2023-1727: curl (medium)
CVEs:CVE-2023-27533CVE-2023-27535CVE-2023-27536
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| curl | affected | Amazon | curl | — |
ALAS-2023-1729: curl (medium)
CVEs:CVE-2022-43552CVE-2023-23916CVE-2023-27534
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| curl | affected | Amazon | curl | — |
ALAS-2023-1730: dbus (medium)
CVEs:CVE-2022-42010CVE-2022-42011CVE-2022-42012
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| dbus | affected | Amazon | dbus | — |
ALAS-2023-1731: golang (important)
CVEs:CVE-2022-30580CVE-2022-30634CVE-2022-32189CVE-2022-41717CVE-2022-41722CVE-2022-41723CVE-2022-41724CVE-2022-41725CVE-2023-24532CVE-2023-24534CVE-2023-24536CVE-2023-24537CVE-2023-24538
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| golang | affected | Amazon | golang | — |
ALAS-2023-1732: tomcat8 (important)
CVEs:CVE-2021-43980CVE-2023-28708
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| tomcat8 | affected | Amazon | tomcat8 | — |
ALAS-2023-1733: jasper (important)
CVEs:CVE-2020-27828CVE-2021-26926CVE-2021-26927CVE-2021-3272CVE-2021-3443CVE-2021-3467
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| jasper | affected | Amazon | jasper | — |
ALAS-2023-1712: emacs (important)
CVEs:CVE-2022-45939CVE-2022-48337CVE-2022-48339
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| emacs | affected | Amazon | emacs | — |
ALAS-2023-1713: python27 (important)
CVEs:CVE-2022-45061CVE-2023-24329
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| python27 | affected | Amazon | python27 | — |
ALAS-2023-1714: python38 (important)
CVEs:CVE-2022-45061CVE-2023-24329
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| python38 | affected | Amazon | python38 | — |
ALAS-2023-1715: microcode_ctl (important)
CVEs:CVE-2022-21216CVE-2022-33196CVE-2022-38090
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| microcode_ctl | affected | Amazon | microcode_ctl | — |
ALAS-2023-1716: vim (important)
CVEs:CVE-2022-2522CVE-2022-2849CVE-2022-2862CVE-2022-2982CVE-2022-3016CVE-2022-3256CVE-2022-3324CVE-2022-3491CVE-2022-47024CVE-2023-0051CVE-2023-0054CVE-2023-1170CVE-2023-1175CVE-2023-1264CVE-2023-1355
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| vim | affected | Amazon | vim | — |
ALAS-2023-1717: python-twisted-web (important)
CVEs:CVE-2022-24801CVE-2022-39348
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| python-twisted-web | affected | Amazon | python-twisted-web | — |
ALAS-2023-1718: log4j (important)
CVEs:CVE-2022-23302CVE-2022-23305CVE-2022-23307
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| log4j | affected | Amazon | log4j | — |
ALAS-2023-1719: openvpn (low)
CVEs:CVE-2022-0547
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| openvpn | affected | Amazon | openvpn | — |
ALAS-2023-1720: python-babel (medium)
CVEs:CVE-2021-42771
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| python-babel | affected | Amazon | python-babel | — |
ALAS-2023-1721: gd (important)
CVEs:CVE-2021-40145
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| gd | affected | Amazon | gd | — |
ALAS-2023-1722: exim (important)
CVEs:CVE-2021-38371
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| exim | affected | Amazon | exim | — |
ALAS-2023-1723: sssd (important)
CVEs:CVE-2021-3621CVE-2022-4254
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| sssd | affected | Amazon | sssd | — |
ALAS-2023-1724: yasm (medium)
CVEs:CVE-2021-33454CVE-2021-33459
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| yasm | affected | Amazon | yasm | — |
ALAS-2023-1725: ghostscript (important)
CVEs:CVE-2020-27792
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| ghostscript | affected | Amazon | ghostscript | — |
ALAS-2023-1726: db4 (important)
CVEs:CVE-2017-10140
| Product | Status | Vendor | Package | Ecosystem |
|---|---|---|---|---|
| db4 | affected | Amazon | db4 | — |
Every CVE above is indexed in the Vulnetix VDB with KEV, EPSS, and PoC maturity. The interactive page surfaces that on hover.