9.8

CVE-2016-10727

Exploit

EPSS 1.08%
Published 20.07.2018 04:29:00
Last modified 21.11.2024 02:44:36
Source cve@mitre.org
Teams watchlist Login
Open Login

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Gnome ≫ Evolution Version < 3.21.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.08%	0.771

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://bugzilla.redhat.com/show_bug.cgi?id=1334842

Patch

Third Party Advisory

Exploit

Issue Tracking

https://github.com/GNOME/evolution-data-server/releases/tag/EVOLUTION_DATA_SERVER_3_21_2

Third Party Advisory

https://gitlab.gnome.org/GNOME/evolution-data-server/blob/master/NEWS#L1022

Vendor Advisory

https://gitlab.gnome.org/GNOME/evolution-data-server/commit/f26a6f67

Patch

Vendor Advisory

https://usn.ubuntu.com/3724-1/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-10727

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-10727

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-10727

EUVD