How severe is CVE-2016-6189?

CVE-2016-6189 has a CVSS v3 score of 4.3 (MEDIUM).

CVE-2016-6189

Name: sogo
Author: alinto

4.3MEDIUM

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.

公開日: 2/17/2017更新日: 4/20/2025

説明

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.

AI分析AIによる分析

影響を受ける製品

alintosogo

参照

http://www.openwall.com/lists/oss-security/2016/07/09/3
Mailing ListVDB Entry
https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
Patch
https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d
Patch
https://sogo.nu/bugs/view.php?id=3695
ExploitVendor Advisory
http://www.openwall.com/lists/oss-security/2016/07/09/3
Mailing ListVDB Entry
https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
Patch
https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d
Patch
https://sogo.nu/bugs/view.php?id=3695
ExploitVendor Advisory