CVE-2019-3890

Summary

It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

Affected Software

VendorProductVersion RangeStatus
The Gnome Projectevolution-ews3.31.3affected

Weaknesses

  • CWE-295: CWE-295
  • CWE-296: CWE-296

ADP Enrichment

CVE Program Container

Additional References

References