CVE-2016-6189 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 39%

Vendor	Product	Version
alinto	sogo	𝑥 < 2.3.12
alinto	sogo	3.0.0 ≤ 𝑥 < 3.1.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

sogo

bullseye (security)	5.0.1-4+deb11u1 fixed
bullseye	5.0.1-4+deb11u1 fixed
bookworm	5.8.0-1 fixed
sid	5.11.2-1 fixed
trixie	5.11.2-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

sogo

noble	dne
mantic	not-affected
lunar	not-affected
kinetic	not-affected
jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	not-affected
focal	not-affected
eoan	not-affected
disco	not-affected
cosmic	not-affected
bionic	not-affected
artful	ignored
zesty	ignored
yakkety	ignored
xenial	needed
wily	ignored
trusty	dne
precise	dne

Known Exploits!

Common Weakness Enumeration

CWE-184 - Incomplete List of Disallowed Inputs
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.

References

http://www.openwall.com/lists/oss-security/2016/07/09/3

https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225

https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d

https://sogo.nu/bugs/view.php?id=3695

http://www.openwall.com/lists/oss-security/2016/07/09/3

https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225

https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d

https://sogo.nu/bugs/view.php?id=3695