VYPR
Medium severity4.3OSV Advisory· Published Feb 17, 2017· Updated Jun 17, 2026

CVE-2016-6190

CVE-2016-6190

Description

SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

12
  • Range: SOGo-2.0.1, SOGo-2.0.2, SOGo-2.2.17a, …
  • Inverse Inc/Sogo10 versions
    cpe:2.3:a:inverse-inc:sogo:*:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:inverse-inc:sogo:*:*:*:*:*:*:*:*range: <=2.3.11
    • cpe:2.3:a:inverse-inc:sogo:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:inverse-inc:sogo:3.0.0:beta_1:*:*:*:*:*:*
    • cpe:2.3:a:inverse-inc:sogo:3.0.0:beta_2:*:*:*:*:*:*
    • cpe:2.3:a:inverse-inc:sogo:3.0.0:beta_3:*:*:*:*:*:*
    • cpe:2.3:a:inverse-inc:sogo:3.0.0:beta_4:*:*:*:*:*:*
    • cpe:2.3:a:inverse-inc:sogo:3.0.0:beta_5:*:*:*:*:*:*
    • cpe:2.3:a:inverse-inc:sogo:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:inverse-inc:sogo:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:inverse-inc:sogo:3.1.0:*:*:*:*:*:*:*
  • SOGo/SOGollm-fuzzy
    Range: <2.3.12, <3.1.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.