Smack Api
Monthly
The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.