PT-2019-16755 · Gnome+2 · Ses Evolution+2

Msiddiqu

·

Publicado

2019-02-15

·

Atualizado

2020-04-08

·

CVE-2019-3890

CVSS v3.1

8.1

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions evolution-ews versions prior to 3.31.3
Description The issue allows an attacker to potentially obtain confidential information by tricking a user into connecting to a fake server, as the software does not properly validate SSL certificates.
Recommendations For versions prior to 3.31.3, update to version 3.31.3 or later to resolve the issue.

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295CWE-296

Identificadores relacionados

CESA-2019_3699
CESA-2020_1080
CVE-2019-3890
RHSA-2019:3699
RHSA-2019_3699
RHSA-2020:1080
RHSA-2020_1080

Produtos afetados

Centos
Red Hat
Ses Evolution