CVE-2011-3355
HIGHGnome Evolution-data-server3 < 3.2.1 - Missing Encryption
Title source: ruleDescription
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.
References (5)
Core 5
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2011-3355
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355
Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/cve-2011-3355
Exploit, Mailing List x_refsource_misc
https://www.openwall.com/lists/oss-security/2011/09/09/1
Third Party Advisory x_refsource_misc
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052
Scores
CVSS v3
7.3
EPSS
0.0021
EPSS Percentile
43.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-311
Status
published
Products (1)
gnome/evolution-data-server3
3.0.3 - 3.2.1
Published
Nov 25, 2019
Tracked Since
Feb 18, 2026