CVE-2019-3890

moderate-risk

Published 2019-08-01

It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

Do I need to act?

0.10% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / LOW complexity

Affected Products (3)

Evolution-Ews

Enterprise Linux

Affected Vendors

Redhat Gnome

References (6)

https://access.redhat.com/errata/RHSA-2019:3699

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3890

Issue Tracking https://gitlab.gnome.org/GNOME/evolution-ews/issues/27

https://access.redhat.com/errata/RHSA-2019:3699

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3890

Issue Tracking https://gitlab.gnome.org/GNOME/evolution-ews/issues/27

/ 100

moderate-risk

Severity 28/34 · Critical

Exploitability 0/34 · Minimal

Exposure 9/34 · Low