Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-38502

Опубликовано: 03 нояб. 2021
Источник: nvd
CVSS3: 5.9
CVSS2: 4.3
EPSS Низкий

Описание

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Версия до 91.2 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 63%
0.00461
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

ubuntu логотип

CVE-2021-38502

CVSS3: 5.9
ubuntu
почти 4 года назад

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.

redhat логотип

CVE-2021-38502

CVSS3: 7.5
redhat
почти 4 года назад

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.

debian логотип

CVE-2021-38502

CVSS3: 5.9
debian
почти 4 года назад

Thunderbird ignored the configuration to require STARTTLS security for ...

rocky логотип

RLSA-2021:3838

rocky
почти 4 года назад

Important: thunderbird security update

github логотип

GHSA-wf24-4m95-7wjm

CVSS3: 5.9
github
около 3 лет назад

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.

EPSS

Процентиль: 63%
0.00461
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other