Lucene search

Ubuntu.comUB:CVE-2016-6190

HistoryFeb 17, 2017 - 12:00 a.m.

CVE-2016-6190

2017-02-1700:00:00

ubuntu.com

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

46.5%

JSON

SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID
and DTSTAMP attributes, which allows remote authenticated users to obtain
sensitive information about appointments with the “View the Date & Time”
restriction, as demonstrated by correlating UIDs and DTSTAMPs between all
users.

Bugs

<https://sogo.nu/bugs/view.php?id=3696>

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchsogo< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	sogo	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2016-6190

nvd.nist.gov/vuln/detail/CVE-2016-6190

security-tracker.debian.org/tracker/CVE-2016-6190

www.cve.org/CVERecord?id=CVE-2016-6190

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

46.5%

JSON

Related for UB:CVE-2016-6190