Vulnerability Details CVE-2011-3355
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.8%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 4.3
References
- https://access.redhat.com/security/cve/cve-2011-3355
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355
- https://security-tracker.debian.org/tracker/CVE-2011-3355
- https://www.openwall.com/lists/oss-security/2011/09/09/1
- https://access.redhat.com/security/cve/cve-2011-3355
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355
- https://security-tracker.debian.org/tracker/CVE-2011-3355
- https://www.openwall.com/lists/oss-security/2011/09/09/1
Products affected by CVE-2011-3355
-
cpe:2.3:a:gnome:evolution-data-server3:3.0.3
-
cpe:2.3:a:gnome:evolution-data-server3:3.2.1
-
cpe:2.3:o:linux:linux_kernel:-