Vulnerability Details CVE-2019-11777
In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 81.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2019-11777
-
cpe:2.3:a:eclipse:paho_java_client:1.2.0