CVE-2011-3355

EUVD-2011-3319
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
gnomeevolution-data-server3
3.0.3 ≤
𝑥
≤ 3.2.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
evolution-data-server
hardy
ignored
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/cve-2011-3355
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355
https://security-tracker.debian.org/tracker/CVE-2011-3355
https://www.openwall.com/lists/oss-security/2011/09/09/1
https://access.redhat.com/security/cve/cve-2011-3355
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355
https://security-tracker.debian.org/tracker/CVE-2011-3355
https://www.openwall.com/lists/oss-security/2011/09/09/1