Security Advisory

CVE-2019-11777

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-09-11 17:55:21

Last updated 2024-08-04 23:03:32

Assigner eclipse

State PUBLISHED

Description

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.

← Browse all CVEs View on cve.org ↗