CVE-2011-3355
HIGHevolution-data-server3 3.0.3-3.2.1 - Unauthenticated Sensitive Data Exposure via Non-SSL Connection
Title source: llmDescription
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server. An attacker could use this flaw to obtain login credentials of the victim.
References (5)
Core 5
Core References
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2011-3355
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3355
Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/cve-2011-3355
Exploit, Mailing List x_refsource_misc
https://www.openwall.com/lists/oss-security/2011/09/09/1
Third Party Advisory x_refsource_misc
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641052
Scores
CVSS v3
7.3
EPSS
0.0078
EPSS Percentile
51.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-311
Status
published
Products (1)
gnome/evolution-data-server3
3.0.3 - 3.2.1
Published
Nov 25, 2019
Tracked Since
Feb 18, 2026