CVE-2016-6189
CVSS 3.1 base score 4.3 (MEDIUM); EPSS 0.17%
Description
Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.
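The class of bug behind this advisory is a denylist: a feed exporter strips the properties it knows are sensitive from each event and passes everything else through, so any property the list does not name leaks to whoever can read the shared feed. The Python below is an added example, not SOGo code; the page does not say which fields SOGo's list missed, so the VEVENT, the property names and the two filter lists are constructed for illustration. It parses a minimal iCalendar event (handling RFC 5545 line folding and property parameters) and contrasts the denylist with an allowlist that emits only what a free/busy style feed needs.

```python
import re

# Constructed sample event (not from SOGo). CRLF endings and the folded
# DESCRIPTION line follow RFC 5545; the property set is illustrative.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\n"
    "VERSION:2.0\r\n"
    "BEGIN:VEVENT\r\n"
    "UID:20160701T120000Z-example@example.invalid\r\n"
    "DTSTAMP:20160701T120000Z\r\n"
    "DTSTART;TZID=Europe/Berlin:20160704T140000\r\n"
    "DTEND;TZID=Europe/Berlin:20160704T150000\r\n"
    "SUMMARY:Quarterly budget review\r\n"
    "DESCRIPTION:Draft numbers attached\\, do not forward. Dial-in PIN\r\n"
    "  4711.\r\n"
    "LOCATION:Room 4.12\r\n"
    "ATTENDEE;CN=Jane Doe:mailto:jane.doe@example.invalid\r\n"
    "X-INTERNAL-NOTE:candidate for restructuring list\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

# Denylist in the spirit of the advisory: it names the obviously sensitive
# properties and nothing else. Which names SOGo's own list missed is not
# stated on the page; ATTENDEE and the X- property here are constructed.
DENYLIST = {"DESCRIPTION", "LOCATION"}

# Allowlist: only what a free/busy style feed needs to render blocks of time.
ALLOWLIST = {"UID", "DTSTAMP", "DTSTART", "DTEND", "SUMMARY"}


def unfold(ics: str) -> list[str]:
    """Join RFC 5545 folded lines (a continuation line starts with SPACE or HTAB)."""
    lines: list[str] = []
    for raw in ics.replace("\r\n", "\n").split("\n"):
        if raw.startswith((" ", "\t")) and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines


def vevent_properties(ics: str) -> list[tuple[str, str]]:
    """Return (NAME, full content line) pairs for properties inside BEGIN/END:VEVENT."""
    props: list[tuple[str, str]] = []
    inside = False
    for line in unfold(ics):
        if line == "BEGIN:VEVENT":
            inside = True
            continue
        if line == "END:VEVENT":
            inside = False
            continue
        if inside:
            # The property name runs to the first ';' (parameters) or ':' (value).
            name = re.split(r"[;:]", line, maxsplit=1)[0].upper()
            props.append((name, line))
    return props


def filter_denylist(props: list[tuple[str, str]]) -> list[str]:
    """The vulnerable shape: everything not explicitly forbidden is exported."""
    return [line for name, line in props if name not in DENYLIST]


def filter_allowlist(props: list[tuple[str, str]]) -> list[str]:
    """The safe shape: only explicitly permitted properties are exported."""
    return [line for name, line in props if name in ALLOWLIST]


def leaked_by_denylist(ics: str) -> list[str]:
    """Property names the denylist lets through that the allowlist would not."""
    kept = {name for name, _ in vevent_properties(ics) if name not in DENYLIST}
    return sorted(kept - ALLOWLIST)


if __name__ == "__main__":
    props = vevent_properties(SAMPLE_ICS)
    print("denylist output:", filter_denylist(props))
    print("allowlist output:", filter_allowlist(props))
    print("leaked by denylist:", leaked_by_denylist(SAMPLE_ICS))
```

The point of the allowlist is that adding a new property type (an X- extension, an attachment, a comment) can never widen the feed by accident; with a denylist, every new property is a new review item, and the advisory is what happens when one is missed.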
How to fix CVE-2016-6189
To remediate CVE-2016-6189, upgrade the affected package to a fixed version below.
- Debian/sogo—upgrade to 3.2.4-0.2 or later
Is CVE-2016-6189 being exploited?
Low: EPSS is 0.17%, a very low estimated probability of exploitation in the wild over the next 30 days. EPSS is a prediction, not a record of observed attacks; the low score is consistent with a bug that requires an authenticated user and yields only a limited confidentiality impact (CVSS PR:L, C:L).
Affected packages (1)
- Debian sogo: every version before 3.2.4-0.2 (no lower bound)
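Deciding whether a Debian host falls in the range above means asking whether the installed sogo version sorts before 3.2.4-0.2 under dpkg's rules, the same rules `dpkg --compare-versions` applies. The Python below is an added example and is not part of this page, of SOGo, or of Debian's tooling: it reimplements dpkg's version-comparison algorithm (epoch, upstream version, Debian revision, with `~` sorting before everything) so the fix version from the "How to fix" section can be evaluated offline against a list of version strings pulled from many hosts. The version strings in its demo are constructed.

```python
import re

# Fixed Debian package version given on this page; anything that sorts
# before it under dpkg rules is in the affected range.
FIXED_DEBIAN_VERSION = "3.2.4-0.2"


def _order(c: str) -> int:
    """Weight of one character in a non-digit run, as dpkg defines it: '~' sorts
    before everything including end of string (weight 0), letters by code
    point, and any other symbol after all letters."""
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_fragment(a: str, b: str) -> int:
    """dpkg's verrevcmp: alternate a non-digit run (compared with _order) and a
    digit run (compared numerically) until both strings are exhausted."""
    while a or b:
        na = re.match(r"[^0-9]*", a).group(0)
        nb = re.match(r"[^0-9]*", b).group(0)
        for i in range(max(len(na), len(nb))):
            wa = _order(na[i]) if i < len(na) else 0
            wb = _order(nb[i]) if i < len(nb) else 0
            if wa != wb:
                return -1 if wa < wb else 1
        a, b = a[len(na):], b[len(nb):]
        da = re.match(r"[0-9]*", a).group(0)
        db = re.match(r"[0-9]*", b).group(0)
        ia, ib = int(da or "0"), int(db or "0")
        if ia != ib:
            return -1 if ia < ib else 1
        a, b = a[len(da):], b[len(db):]
    return 0


def _split(version: str) -> tuple[int, str, str]:
    """Split '[epoch:]upstream[-revision]'; the revision follows the LAST '-'."""
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def deb_version_cmp(v1: str, v2: str) -> int:
    """Return -1, 0 or 1, matching dpkg --compare-versions lt / eq / gt."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_fragment(u1, u2) or _cmp_fragment(r1, r2)


def is_affected(installed: str, fixed: str = FIXED_DEBIAN_VERSION) -> bool:
    """True when the installed Debian version of sogo sorts before the fix."""
    return deb_version_cmp(installed, fixed) < 0


if __name__ == "__main__":
    # Constructed inputs. On a real host obtain the string with:
    #   dpkg-query -W -f='${Version}' sogo
    # Note that an epoch ("1:") outranks any epoch-less version, which is why
    # dpkg would treat a hypothetical 1:2.3.12-1 as newer than 3.2.4-0.2.
    for v in ["3.1.1-1", "3.2.4~rc1-1", "3.2.4-0.1", "3.2.4-0.2", "3.2.10-1", "1:2.3.12-1"]:
        print(f"{v:14} affected={is_affected(v)}")
```

Two details worth noticing: `3.2.4~rc1-1` is affected because `~` sorts before the end of the string, and `3.2.10-1` is not affected because digit runs compare numerically rather than as text.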
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (4.3) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |

Reading the vector: network-reachable (AV:N), low attack complexity (AC:L), requires low privileges, i.e. an authenticated user (PR:L), no user interaction (UI:N), unchanged scope (S:U), and a low confidentiality impact with no impact on integrity or availability (C:L/I:N/A:N), which matches the description of an authenticated information leak through calendar feeds.