CVE-2019-11777
Description
In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
1.727
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2022-22476, CVE-2019-11777 are fixed in IBM WebSphere 22.0.0.8 | Windows |
| Vulnerabilities CVE-2019-11777 are fixed in Eclipse-org.eclipse.paho.client.mqttv3 1.2.1 | Windows |
| Multiple Vulnerabilities are affected in IBM TXSeries for Multiplatforms 9.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0.0.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 18.0.0.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 19.0.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM TXSeries for Multiplatforms 8.2 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 12.0.12.16 | Windows |
| Vulnerabilities CVE-2019-11777, CVE-2025-7338, CVE-2025-7339, CVE-2025-7783 are affected in IBM App Connect Enterprise 13.0.4.1 | Windows |
| Vulnerabilities CVE-2019-11777 are fixed in Eclipse-org.eclipse.paho.client.mqttv3 for Linux 1.2.1 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234