EPSS
Percentile
43.4%
Apache Qpid Proton-J transport is vulnerable to man-in-the-middle attack. The attack is possible since it passes all the certificates as trusted by default if a verification mode is not specifically set.
issues.apache.org/jira/browse/PROTON-1962
mail-archives.apache.org/mod_mbox/qpid-users/201811.mbox/%3CCAFitrpQSV73Vz7rJYfLJK7gvEymZSCR5ooWUeU8j4jzRydk-eg%40mail.gmail.com%3E
qpid.apache.org/cves/CVE-2018-17187.html