Graham Leggett

#44824 of 53,633
5.8 Total CVSS
Vulnerabilities · 1
PT-2013-2190
5.8
2013-04-09
Apache · Apache Maven · CVE-2013-0253
**Name of the Vulnerable Software and Affected Versions**

Apache Maven version 3.0.4

**Description**

The default configuration of Apache Maven, when using Maven Wagon 2.1, has a security issue where SSL certificate checks are disabled. This allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.

**Recommendations**

For Apache Maven version 3.0.4, consider enabling SSL certificate checks to prevent man-in-the-middle attacks. As a temporary workaround, restrict the use of Maven Wagon 2.1 until a secure configuration or update is available.