CVE-2016-6190

MEDIUM

SOGo < 2.3.12 and 3.x < 3.1.1 - Info Disclosure

Title source: llm

Description

SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users.

Scores

CVSS v3 4.3
EPSS 0.0123
EPSS Percentile 65.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE CWE-200
Status published
Products (5)
inverse-inc/sogo 3.0.0 (6 CPE variants)
inverse-inc/sogo 3.0.1
inverse-inc/sogo 3.0.2
inverse-inc/sogo 3.1.0
inverse-inc/sogo < 2.3.11
Published Feb 17, 2017
Tracked Since Feb 18, 2026