CVE-2016-6189

Опубликовано: 17 фев. 2017

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.

Ссылки

http://www.openwall.com/lists/oss-security/2016/07/09/3
Mailing List
VDB Entry
https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
Patch
https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d
Patch
https://sogo.nu/bugs/view.php?id=3695
Exploit
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/07/09/3
Mailing List
VDB Entry
https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225
Patch
https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d
Patch
https://sogo.nu/bugs/view.php?id=3695
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:alinto:sogo:*:*:*:*:*:*:*:*

Версия до 2.3.12 (исключая)

cpe:2.3:a:alinto:sogo:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.1.1 (исключая)

EPSS

Процентиль: 39%

0.00173

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-184

Связанные уязвимости

CVE-2016-6189

CVSS3: 4.3

ubuntu

почти 9 лет назад

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.

CVE-2016-6189

CVSS3: 4.3

debian

почти 9 лет назад

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows ...

GHSA-px99-x547-mjjw

CVSS3: 4.3

github

больше 3 лет назад

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.

EPSS

Процентиль: 39%

0.00173

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-184