CVSS3: 5.9 Medium (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

AI Score: 6.8 Medium (Confidence: Low)

CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

EPSS: 0.004 Low (Percentile: 73.1%)

Software: evolution-data-server 3.28.5
OS: Cobalt 7.9
CVE-ID: CVE-2020-14928
CVE-Crit: MEDIUM
CVE-DESC: Versions of evolution-data-server (eds) up to 3.36.3 have an issue with STARTTLS buffering that affects SMTP and POP3. When the server sends a “start TLS” response, eds reads additional data and evaluates it in the context of TLS, also known as “response injection”.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2020-16117
CVE-Crit: MEDIUM
CVE-DESC: In GNOME evolution-data-server before 3.35.91, a malicious server can cause the mail client to fail with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY string on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.
CVE-STATUS: default
CVE-REV: default