How severe is CVE-2019-11777?

CVE-2019-11777 has a CVSS v3 score of 7.5 (HIGH).

CVE-2019-11777

Name: paho_java_client
Author: eclipse

7.5HIGH

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow on

Publicado: 9/11/2019Atualizado: 11/21/2024

Descrição

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.

Análise IADesenvolvido por IA

Produtos Afetados

eclipsepaho_java_client

1.2.0

Referências

https://bugs.eclipse.org/bugs/show_bug.cgi?id=549934
Issue TrackingVendor Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=549934
Issue TrackingVendor Advisory