CVE-2021-26911

Exploit

core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Canarymail ≫ Canary Mail Version3.20 SwPlatformiphone_os

Canarymail ≫ Canary Mail Version3.21 SwPlatformiphone_os

Libmailcore ≫ Mailcore2 Version0.6.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.514

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

Patch

Third Party Advisory

Mailing List

Third Party Advisory

Product

Third Party Advisory

Exploit

Third Party Advisory

Patch

Third Party Advisory

Patch

Third Party Advisory

Mailing List

CVE Source (NVD)

CVE Source (JSON)

EUVD