CVE-2019-3890

Description

It was discovered that evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to obtain confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

Risk Information

Base Score: 8.1 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score (Exploitation Probability): 0.227

Associated Vulnerability

Vulnerability | OS Platform
(RHSA-2020:1080) evolution security and bug fix update atk-2.28.1-2.el7.i686.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update atk-2.28.1-2.el7.x86_64.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update atk-devel-2.28.1-2.el7.i686.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update atk-devel-2.28.1-2.el7.x86_64.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-3.28.5-8.el7.i686.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-3.28.5-8.el7.x86_64.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-bogofilter-3.28.5-8.el7.x86_64.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-data-server-3.28.5-4.el7.i686.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-data-server-3.28.5-4.el7.x86_64.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-data-server-devel-3.28.5-4.el7.i686.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-data-server-devel-3.28.5-4.el7.x86_64.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-data-server-doc-3.28.5-4.el7.noarch.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-data-server-langpacks-3.28.5-4.el7.noarch.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-data-server-perl-3.28.5-4.el7.x86_64.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-data-server-tests-3.28.5-4.el7.i686.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-data-server-tests-3.28.5-4.el7.x86_64.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-devel-3.28.5-8.el7.i686.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-devel-3.28.5-8.el7.x86_64.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-devel-docs-3.28.5-8.el7.noarch.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-ews-3.28.5-5.el7.i686.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-ews-3.28.5-5.el7.x86_64.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-ews-langpacks-3.28.5-5.el7.noarch.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-help-3.28.5-8.el7.noarch.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-langpacks-3.28.5-8.el7.noarch.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-pst-3.28.5-8.el7.x86_64.rpm | Linux
(RHSA-2020:1080) evolution security and bug fix update evolution-spamassassin-3.28.5-8.el7.x86_64.rpm | Linux
(CESA-2020:1080) evolution security and bug fix update atk-2.28.1-2.el7.i686.rpm | Linux
(CESA-2020:1080) evolution security and bug fix update atk-2.28.1-2.el7.x86_64.rpm | Linux
(CESA-2020:1080) evolution security and bug fix update atk-devel-2.28.1-2.el7.i686.rpm | Linux
(CESA-2020:1080) evolution security and bug fix update atk-devel-2.28.1-2.el7.x86_64.rpm | Linux
(RHSA-2020:1080) Moderate: security and bug fix update atk-debuginfo-2.28.1-2.el7.i686.rpm | Linux
(RHSA-2020:1080) Moderate: security and bug fix update atk-debuginfo-2.28.1-2.el7.x86_64.rpm | Linux
(RHSA-2020:1080) Moderate: security and bug fix update evolution-data-server-debuginfo-3.28.5-4.el7.i686.rpm | Linux
(RHSA-2020:1080) Moderate: security and bug fix update evolution-data-server-debuginfo-3.28.5-4.el7.x86_64.rpm | Linux
(RHSA-2020:1080) Moderate: security and bug fix update evolution-debuginfo-3.28.5-8.el7.i686.rpm | Linux
(RHSA-2020:1080) Moderate: security and bug fix update evolution-debuginfo-3.28.5-8.el7.x86_64.rpm | Linux
(RHSA-2020:1080) Moderate: security and bug fix update evolution-ews-debuginfo-3.28.5-5.el7.i686.rpm | Linux
(RHSA-2020:1080) Moderate: security and bug fix update evolution-ews-debuginfo-3.28.5-5.el7.x86_64.rpm | Linux
evolution-data-server, evolution-ews Security Update (ALAS-2020-1475) evolution-ews-3.28.5-5.amzn2.x86_64.rpm | Linux
evolution-data-server, evolution-ews Security Update (ALAS-2020-1475) evolution-data-server-3.28.5-4.amzn2.0.1.i686.rpm | Linux
evolution-data-server, evolution-ews Security Update (ALAS-2020-1475) evolution-data-server-3.28.5-4.amzn2.0.1.x86_64.rpm | Linux
evolution-data-server, evolution-ews Security Update (ALAS-2020-1475) evolution-ews-langpacks-3.28.5-5.amzn2.noarch.rpm | Linux
evolution-data-server, evolution-ews Security Update (ALAS-2020-1475) evolution-data-server-doc-3.28.5-4.amzn2.0.1.noarch.rpm | Linux
evolution-data-server, evolution-ews Security Update (ALAS-2020-1475) evolution-data-server-perl-3.28.5-4.amzn2.0.1.x86_64.rpm | Linux
evolution-data-server, evolution-ews Security Update (ALAS-2020-1475) evolution-data-server-devel-3.28.5-4.amzn2.0.1.x86_64.rpm | Linux
evolution-data-server, evolution-ews Security Update (ALAS-2020-1475) evolution-data-server-tests-3.28.5-4.amzn2.0.1.i686.rpm | Linux
evolution-data-server, evolution-ews Security Update (ALAS-2020-1475) evolution-data-server-tests-3.28.5-4.amzn2.0.1.x86_64.rpm | Linux
evolution-data-server, evolution-ews Security Update (ALAS-2020-1475) evolution-data-server-langpacks-3.28.5-4.amzn2.0.1.noarch.rpm | Linux
Improper Certificate Validation Vulnerability (CVE-2019-3890) | NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234