CVE-2020-9040
HIGHCouchbase Server Java SDK 1.7.1-2.7.1 - Improper Certificate Validation in Netty Component
Title source: llmDescription
Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.couchbase.com/resources/security#SecurityAlerts
Scores
CVSS v3
7.5
EPSS
0.0067
EPSS Percentile
46.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-295
Status
published
Products (1)
couchbase/couchbase_server_java_sdk
1.7.1 - 2.7.1.1
Published
Jun 08, 2020
Tracked Since
Feb 18, 2026