How severe is CVE-2019-11777?

CVE-2019-11777 has a CVSS v3 score of 7.5 (HIGH).

CVE-2019-11777

Name: paho_java_client
Author: eclipse

7.5HIGH

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow on

Veröffentlicht: 9/11/2019Aktualisiert: 11/21/2024

Beschreibung

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.

KI-AnalyseKI-gestützt

Betroffene Produkte

eclipsepaho_java_client

1.2.0

Referenzen

https://bugs.eclipse.org/bugs/show_bug.cgi?id=549934
Issue TrackingVendor Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=549934
Issue TrackingVendor Advisory