CVE-2014-3494

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.

kio/usernotificationhandler.cpp en POP3 kioslave en kdelibs 4.10.95 anterior a 4.13.3 no genera debidamente notificaciones de aviso, lo que permite a atacantes man-in-the-middle obtener información sensible a través de un certificado inválido.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-05-14 CVE Reserved
2014-06-30 CVE Published
2024-06-29 EPSS Updated
2024-08-06 CVE Updated
2024-08-06 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (4)

URL	Tag	Source
http://www.securityfocus.com/bid/68113	Vdb Entry

URL	Date	SRC
http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f	2024-08-06

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html	2018-10-30
http://www.kde.org/info/security/advisory-20140618-1.txt	2018-10-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.10.97 Search vendor "Kde" for product "Kdelibs" and version "4.10.97"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.11.0 Search vendor "Kde" for product "Kdelibs" and version "4.11.0"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.11.1 Search vendor "Kde" for product "Kdelibs" and version "4.11.1"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.11.2 Search vendor "Kde" for product "Kdelibs" and version "4.11.2"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.11.3 Search vendor "Kde" for product "Kdelibs" and version "4.11.3"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.11.4 Search vendor "Kde" for product "Kdelibs" and version "4.11.4"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.11.5 Search vendor "Kde" for product "Kdelibs" and version "4.11.5"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.11.80 Search vendor "Kde" for product "Kdelibs" and version "4.11.80"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.11.90 Search vendor "Kde" for product "Kdelibs" and version "4.11.90"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.11.95 Search vendor "Kde" for product "Kdelibs" and version "4.11.95"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.11.97 Search vendor "Kde" for product "Kdelibs" and version "4.11.97"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.12.0 Search vendor "Kde" for product "Kdelibs" and version "4.12.0"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.12.1 Search vendor "Kde" for product "Kdelibs" and version "4.12.1"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.12.2 Search vendor "Kde" for product "Kdelibs" and version "4.12.2"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.12.3 Search vendor "Kde" for product "Kdelibs" and version "4.12.3"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.12.4 Search vendor "Kde" for product "Kdelibs" and version "4.12.4"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.12.5 Search vendor "Kde" for product "Kdelibs" and version "4.12.5"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.12.80 Search vendor "Kde" for product "Kdelibs" and version "4.12.80"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.12.90 Search vendor "Kde" for product "Kdelibs" and version "4.12.90"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.12.95 Search vendor "Kde" for product "Kdelibs" and version "4.12.95"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.12.97 Search vendor "Kde" for product "Kdelibs" and version "4.12.97"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.13.0 Search vendor "Kde" for product "Kdelibs" and version "4.13.0"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.13.1 Search vendor "Kde" for product "Kdelibs" and version "4.13.1"		-		Affected