Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.1
CVSSv3

CVE-2019-3890

Published: 01/08/2019 Updated: 09/10/2019
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Subscribe to Gnome

Vulnerability Summary

It exists evolution-ews prior to 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnome evolution-ews

redhat enterprise linux 8.0

redhat enterprise linux 7.0

Vendor Advisories

Debian CVElist Bug Report Logs: evolution-ews: CVE-2019-3890
Debian Bug report logs - #926712 evolution-ews: CVE-2019-3890 Package: evolution-ews; Maintainer for evolution-ews is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Source for evolution-ews is src:evolution-ews (PTS, buildd, popcon) Reported by: Sylvain Beucler <beuc@beucnet> Date: Tue, 9 ...
Red Hat: Moderate: evolution security and bug fix update
Synopsis Moderate: evolution security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for evolution, evolution-data-server, and evolution-ews is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A ...
Red Hat: Moderate: evolution security and bug fix update
Synopsis Moderate: evolution security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for evolution, evolution-data-server, evolution-ews, and atk is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Modera ...
Amazon Linux 2: ALAS2-2020-1475
It was discovered evolution-ews before 3313 does not check the validity of SSL certificates An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference (CVE-2019-3890) ...

References

CWE-295https://gitlab.gnome.org/GNOME/evolution-ews/issues/27https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3890https://access.redhat.com/errata/RHSA-2019:3699https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926712https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2020-1475.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validationCVE-2024-34413CVE-2024-34089CVE-2024-33408localSQLCVE-2024-0402CVE-2024-33910CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook