CVE-2016-6189

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.

Published: 2017-02-17 17:59
Updated: 2017-02-22 17:59

CVSS Score: 4.0 / 10
| Vendor | Product | Version | URI |
|---|---|---|---|
| Inverse-inc | Sogo | 2.3.11 | cpe:/a:inverse-inc:sogo:2.3.11 |
| Inverse-inc | Sogo | 3.0.0 | cpe:/a:inverse-inc:sogo:3.0.0:beta_5 |
| Inverse-inc | Sogo | 3.0.0 | cpe:/a:inverse-inc:sogo:3.0.0:beta_4 |
| Inverse-inc | Sogo | 3.0.0 | cpe:/a:inverse-inc:sogo:3.0.0:beta_3 |
| Inverse-inc | Sogo | 3.1.0 | cpe:/a:inverse-inc:sogo:3.1.0 |
| Inverse-inc | Sogo | 3.0.1 | cpe:/a:inverse-inc:sogo:3.0.1 |
| Inverse-inc | Sogo | 3.0.2 | cpe:/a:inverse-inc:sogo:3.0.2 |
| Inverse-inc | Sogo | 3.0.0 | cpe:/a:inverse-inc:sogo:3.0.0 |
| Inverse-inc | Sogo | 3.0.0 | cpe:/a:inverse-inc:sogo:3.0.0:beta_2 |
| Inverse-inc | Sogo | 3.0.0 | cpe:/a:inverse-inc:sogo:3.0.0:beta_1 |

CWE

| ID | Name | Description |
|---|---|---|
| CWE-184 | Incomplete Blacklist | An application uses a "blacklist" of prohibited values, but the blacklist is incomplete. |

History of changes

| Date | Event |
|---|---|
| 2017-02-17 17:59 | New CVE |