Vulnerabilities > Inverse INC

DATE CVE VULNERABILITY TITLE RISK
2017-02-17 CVE-2016-6190 Information Exposure vulnerability in Inverse-Inc Sogo
SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users.
network
low complexity
inverse-inc CWE-200
4.0