CVE-2016-6189

{"id": "CVE-2016-6189", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2017-02-17T17:59:00.797", "references": [{"url": "http://www.openwall.com/lists/oss-security/2016/07/09/3", "tags": ["Mailing List", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "https://sogo.nu/bugs/view.php?id=3695", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-184"}]}], "descriptions": [{"lang": "en", "value": "Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds."}, {"lang": "es", "value": "Blacklist incompleta en SOGo en versiones anteriores a 2.3.12 y 3.x en versiones anteriores a 3.1.1 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible leyendo los campos en la fuente (1) ics o (2) de calendario XML."}], "lastModified": "2022-12-20T16:52:37.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:alinto:sogo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D75E49A-4A29-46E4-82AF-2AF4CA019014", "versionEndExcluding": "2.3.12"}, {"criteria": "cpe:2.3:a:alinto:sogo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C9075E1-13A1-42BC-8141-8981BD1B3640", "versionEndExcluding": "3.1.1", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}