MidnightBSD

Advisories for inverse-inc

CVE-2016-6190 MEDIUM

SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
inverse-inc sogo *
inverse-inc sogo 3.0.1
inverse-inc sogo 3.0.0
inverse-inc sogo 3.0.2
inverse-inc sogo 3.1.0