vulnerability

IBM WebSphere Application Server: CVE-2019-11777: IBM WebSphere Application Server Liberty is vulnerable to spoofing due to Eclipse Paho (CVE-2019-11777)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Sep 11, 2019	Aug 26, 2022	Aug 26, 2022

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Sep 11, 2019

Added

Aug 26, 2022

Modified

Aug 26, 2022

Description

In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information.

Solution(s)

ibm-was-install-8-5-ph45750-libertyibm-was-upgrade-8-5-22-0-0-8-liberty

References

CVE-2019-11777
https://attackerkb.com/topics/CVE-2019-11777

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today