Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4
CVSSv2

CVE-2016-6190

Published: 17/02/2017 Updated: 22/02/2017
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Subscribe to Sogo

Vulnerability Summary

SOGo prior to 2.3.12 and 3.x prior to 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users.

Vulnerable Product Search on Vulmon Subscribe to Product

inverse-inc sogo 3.1.0

inverse-inc sogo 3.0.1

inverse-inc sogo

inverse-inc sogo 3.0.0

inverse-inc sogo 3.0.2

References

CWE-200https://sogo.nu/bugs/view.php?id=3696https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343dhttps://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225http://www.openwall.com/lists/oss-security/2016/07/09/3https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook