Vulnerabilities (CVE)

Filtered by vendor Couchbase Subscribe
Filtered by product Couchbase Server Java Sdk
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-9040 1 Couchbase 1 Couchbase Server Java Sdk 2024-11-21 5.0 MEDIUM 7.5 HIGH
Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification.