CVE-2019-11777 Vulnerability Details

  /     /     /  

CVE-2019-11777 Metadata Quick Info

CVE Published: 11/09/2019 | CVE Updated: 04/08/2024 | CVE Year: 2019
Source: eclipse | Vendor: The Eclipse Foundation | Product: Eclipse Paho
Status : PUBLISHED

---

CVE-2019-11777 Description

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-346
CWE Name: CWE-346: Origin Validation Error
Source: The Eclipse Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).