{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T17:42:18.082","vulnerabilities":[{"cve":{"id":"CVE-2019-3814","sourceIdentifier":"secalert@redhat.com","published":"2019-03-27T13:29:01.337","lastModified":"2026-06-17T02:35:38.617","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users."},{"lang":"es","value":"Se ha descubierto que Dovecot, en versiones anteriores a la 2.2.36.1 y 2.3.4.1, gestiona de manera incorrecta los certificados del cliente. Un atacante remoto en posesión de un certificado válido con un campo \"username\" vacío podría emplear este problema para suplantar a otros usuarios."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"dovecot","product":"dovecot","versions":[{"version":"2.2.36.1","status":"affected"},{"version":"2.3.4.1","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:N","baseScore":4.9,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-295"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*","versionStartIncluding":"1.1.0","versionEndExcluding":"2.2.36.1","matchCriteriaId":"B7EC4FD5-8BCE-4412-B8F6-53F4DD0D6CE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*","versionStartIncluding":"2.3.0","versionEndExcluding":"2.3.4.1","matchCriteriaId":"4C44A57B-1823-40EE-A24F-44144C505859"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","matchCriteriaId":"8D305F7A-D159-4716-AB26-5E38BB5CD991"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","matchCriteriaId":"07C312A0-CD2C-4B9C-B064-6409B25C278F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","matchCriteriaId":"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00067.html","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:3467","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3814","source":"secalert@redhat.com","tags":["Issue Tracking","Release Notes","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY/","source":"secalert@redhat.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS/","source":"secalert@redhat.com"},{"url":"https://security.gentoo.org/glsa/201904-19","source":"secalert@redhat.com"},{"url":"https://www.dovecot.org/list/dovecot/2019-February/114575.html","source":"secalert@redhat.com","tags":["Exploit","Mailing List","Vendor Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00067.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:3467","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3814","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Release Notes","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4XLI55NGRDTGMVOPYFCPPFNPA5VKYSSY/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QHFZ5OWRIZGIWZJ5PTNVWWZNLLNH4XYS/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201904-19","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.dovecot.org/list/dovecot/2019-February/114575.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Vendor Advisory"]}]}}]}