How severe is CVE-2019-11777?

CVE-2019-11777 has a CVSS v3 score of 7.5 (HIGH).

CVE-2019-11777

Name: paho_java_client
Author: eclipse

7.5HIGH

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow on

Опубликовано: 9/11/2019Обновлено: 11/21/2024

Описание

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.

ИИ-АнализНа базе ИИ

Затронутые продукты

eclipsepaho_java_client

1.2.0

Ссылки

https://bugs.eclipse.org/bugs/show_bug.cgi?id=549934
Issue TrackingVendor Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=549934
Issue TrackingVendor Advisory