Vulnerability Details : CVE-2011-3355
Potential exploit
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.
Products affected by CVE-2011-3355
- cpe:2.3:a:gnome:evolution-data-server3:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3355
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 41 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-3355
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
|
7.3
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
3.9
|
3.4
|
NIST |
CWE ids for CVE-2011-3355
-
The product does not encrypt sensitive or critical information before storage or transmission.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3355
-
https://www.openwall.com/lists/oss-security/2011/09/09/1
oss-security - CVE Request -- evolution -- Uses insecure (non-SSL) connection when storing the sent message into the Sent folderExploit;Mailing List
-
https://access.redhat.com/security/cve/cve-2011-3355
Red Hat Customer Portal - Access to 24x7 support and knowledgeThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355
707848 – (CVE-2011-3355) CVE-2011-3355 evolution: IMAP does non-SSL connection when storing to Sent folderIssue Tracking;Third Party Advisory
-
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052
#641052 - evolution uses insecure connection when storing the sent message to the sent folder - Debian Bug report logsThird Party Advisory
-
https://security-tracker.debian.org/tracker/CVE-2011-3355
CVE-2011-3355Third Party Advisory
Jump to