PT-2019-6668 · Gnome · Evolution Data Server

Jan Lieskovsky · Published 2019-11-25 · Updated 2019-12-14 · CVE-2011-3355

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

evolution-data-server3 versions 3.0.3 through 3.2.1

Description

The issue arises when the Sent folder is located on a remote server, and the software uses an insecure, non-SSL connection to store sent email messages. This flaw could allow an attacker to obtain the login credentials of the victim.

Recommendations

For evolution-data-server3 versions 3.0.3 through 3.2.1, consider configuring the software to use a secure SSL connection when storing sent email messages in the Sent folder on a remote server. As a temporary workaround, restrict access to the Sent folder on the remote server to minimize the risk of exploitation.

Weakness Enumeration

Missing Encryption of Sensitive Data

Related Identifiers

CVE-2011-3355

Affected Products

Evolution Data Server