Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2019-11777 Vulnerability in maven package org.eclipse.paho:org.eclipse.paho.client.mqttv3

Description

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.

Remediation

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=549934

Related Vulnerabilities

CVE-2020-27218 Vulnerability in maven package org.eclipse.jetty:jetty-server

CVE-2020-1727 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2022-22984 Vulnerability in npm package snyk-mvn-plugin

CVE-2022-41255 Vulnerability in maven package org.jenkins-ci.plugins:cons3rt

CVE-2023-24442 Vulnerability in maven package org.jenkins-ci.plugins:github-pr-coverage-status

Severity

High

Classification

CWE-346 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Issue Tracking Vendor Advisory