Medium severity4.3OSV Advisory· Published Feb 17, 2017· Updated Jun 17, 2026
CVE-2016-6190
CVE-2016-6190
Description
SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12cpe:2.3:a:inverse-inc:sogo:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:inverse-inc:sogo:*:*:*:*:*:*:*:*range: <=2.3.11
- cpe:2.3:a:inverse-inc:sogo:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:inverse-inc:sogo:3.0.0:beta_1:*:*:*:*:*:*
- cpe:2.3:a:inverse-inc:sogo:3.0.0:beta_2:*:*:*:*:*:*
- cpe:2.3:a:inverse-inc:sogo:3.0.0:beta_3:*:*:*:*:*:*
- cpe:2.3:a:inverse-inc:sogo:3.0.0:beta_4:*:*:*:*:*:*
- cpe:2.3:a:inverse-inc:sogo:3.0.0:beta_5:*:*:*:*:*:*
- cpe:2.3:a:inverse-inc:sogo:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:inverse-inc:sogo:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:inverse-inc:sogo:3.1.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
4- github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225nvdPatch
- github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343dnvdPatch
- sogo.nu/bugs/view.phpnvdVendor Advisory
- www.openwall.com/lists/oss-security/2016/07/09/3nvdMailing ListVDB Entry
News mentions
0No linked articles in our index yet.