CVE-2019-11777

CVE-2019-11777

Vendor The Eclipse Foundation
Product Eclipse Paho
Weakness CWE-346 · Origin validation
Published September 11, 2019
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.

Key dates

02Disclosure timeline

September 11, 2019 CVE published
August 4, 2024 Record updated