Insecure Connection Vulnerability in Evolution Data Server by Red Hat
CVE-2011-3355

7.3HIGH

Key Information:

Vendor

Evolution-data-server3

Status
Evolution-data-server3
Vendor
CVE Published:
25 November 2019

What is CVE-2011-3355?

The Evolution Data Server (version 3.0.3 to 3.2.1) exhibits a critical flaw by employing an insecure (non-SSL) connection for storing sent email messages on a remote server. This vulnerability allows an attacker to intercept and retrieve the login credentials of users, posing a significant risk to email security and user privacy. Ensuring a secure connection is crucial in protecting sensitive information from potential exploitation.

Affected Version(s)

evolution-data-server3 3.0.3 through 3.2.1

References

https://security-tracker.debian.org/tracker/CVE-2011-3355
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355
x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-3355
x_refsource_MISC

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.