Sensitive Information Disclosure in SOGo Calendar Feeds

Sensitive Information Disclosure in SOGo Calendar Feeds

CVE-2016-6189 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.

Learn more about our User Device Pen Test.