4.3
CVE-2016-6190
- EPSS 1.23%
- Veröffentlicht 17.02.2017 17:59:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginSOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Inverse-inc ≫ Sogo Version <= 2.3.11
Inverse-inc ≫ Sogo Version3.0.0
Inverse-inc ≫ Sogo Version3.0.0 Updatebeta_1
Inverse-inc ≫ Sogo Version3.0.0 Updatebeta_2
Inverse-inc ≫ Sogo Version3.0.0 Updatebeta_3
Inverse-inc ≫ Sogo Version3.0.0 Updatebeta_4
Inverse-inc ≫ Sogo Version3.0.0 Updatebeta_5
Inverse-inc ≫ Sogo Version3.0.1
Inverse-inc ≫ Sogo Version3.0.2
Inverse-inc ≫ Sogo Version3.1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.23% | 0.65 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://www.openwall.com/lists/oss-security/2016/07/09/3
https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d
https://sogo.nu/bugs/view.php?id=3696