Vulnerability CVE-2016-6189


Published: 2017-02-17

Description:
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Inverse-inc -> SOGO 

 References:
http://www.openwall.com/lists/oss-security/2016/07/09/3
https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d
https://sogo.nu/bugs/view.php?id=3695

Copyright 2024, cxsecurity.com

 

Back to Top