EPSS
Percentile
45.6%
It was discovered evolution-ews does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.
bugzilla.redhat.com/show_bug.cgi?id=1678313
nvd.nist.gov/vuln/detail/CVE-2019-3890
www.cve.org/CVERecord?id=CVE-2019-3890