Vulnerability Database

296,223

Total vulnerabilities in the database

CVE-2016-6190

SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users.

Published: Feb 17, 2017
Updated: Apr 13, 2023
CVE: CVE-2016-6190
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
inverse-inc / sogo	3.0.2	3.0.2.x
inverse-inc / sogo	3.0.0-beta_4	3.0.0-beta_4.x
inverse-inc / sogo	3.0.0-beta_3	3.0.0-beta_3.x
inverse-inc / sogo	-	2.3.11.x
inverse-inc / sogo	3.0.0-beta_5	3.0.0-beta_5.x
inverse-inc / sogo	3.1.0	3.1.0.x
inverse-inc / sogo	3.0.1	3.0.1.x
inverse-inc / sogo	3.0.0	3.0.0.x
inverse-inc / sogo	3.0.0-beta_1	3.0.0-beta_1.x
inverse-inc / sogo	3.0.0-beta_2	3.0.0-beta_2.x