Vulnerability Description
It was discovered that evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to obtain confidential information by tricking the user into connecting to a fake server without the user noticing the difference.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Evolution-Ews | < 3.31.3 |
| Redhat | Enterprise Linux | 7.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2019:3699
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3890 (Issue Tracking, Third Party Advisory)
- https://gitlab.gnome.org/GNOME/evolution-ews/issues/27 (Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2019-3890?
CVE-2019-3890 is a vulnerability with a CVSS score of 8.1 (HIGH). It was discovered that evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to...
How severe is CVE-2019-3890?
CVE-2019-3890 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-3890?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Evolution-Ews, Redhat Enterprise Linux.