What is CVE-2016-6189?

CVE-2016-6189 is a medium-severity vulnerability in Alinto Sogo, classified under Incomplete List of Disallowed Inputs. CVSS score: 4.3/10. Published 2017-02-17.

How severe is CVE-2016-6189?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Is CVE-2016-6189 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Alinto Sogo

CVE-2016-6189

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.

EPSS: 0.002 (38.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Alinto Sogo
N/a — versions n/a

Weakness classification (CWE)

CWE-184 — Incomplete List of Disallowed Inputs

Public proof-of-concept exploits

Live-Hack-CVE/CVE-2016-6189

References

cve@mitre.org (x_refsource_CONFIRM, Patch)
cve@mitre.org (x_refsource_CONFIRM, Patch)
cve@mitre.org (mailing-list, x_refsource_MLIST, Mailing List, VDB Entry)
cve@mitre.org (x_refsource_CONFIRM, Exploit, Vendor Advisory)

Frequently asked questions

What is CVE-2016-6189?: CVE-2016-6189 is a medium-severity vulnerability in Alinto Sogo, classified under Incomplete List of Disallowed Inputs. CVSS score: 4.3/10. Published 2017-02-17.
How severe is CVE-2016-6189?: Medium severity. CVSS v3 base score is 4.3 out of 10.
Is CVE-2016-6189 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.