It exists evolution-ews prior to 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnome evolution-ews |
||
redhat enterprise linux 8.0 |
||
redhat enterprise linux 7.0 |