CVE-2019-3890

It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnome:evolution-ews:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Information

Published : 2019-08-01 14:15

Updated : 2019-10-09 23:49


NVD link : CVE-2019-3890

Mitre link : CVE-2019-3890


JSON object : View

Products Affected

gnome

  • evolution-ews

redhat

  • enterprise_linux
CWE
CWE-295

Improper Certificate Validation