{"id":"UBUNTU-CVE-2016-6189","details":"Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.","modified":"2026-05-20T16:03:20.562223637Z","published":"2017-02-17T17:59:00Z","upstream":["CVE-2016-6189"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-6189"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2016-6189"}],"affected":[{"package":{"name":"sogo","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/sogo?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.2.17a-1","2.2.17a-1.1","2.2.17a-1.1build1"],"ecosystem_specific":{"binaries":[{"binary_name":"sogo","binary_version":"2.2.17a-1.1build1"},{"binary_version":"2.2.17a-1.1build1","binary_name":"sogo-common"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-6189.json"}},{"package":{"name":"sogo","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/sogo?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.11.2-4","5.12.1-1","5.12.1-1build2","5.12.1-2","5.12.1-3"],"ecosystem_specific":{"binaries":[{"binary_version":"5.12.1-3","binary_name":"sogo"},{"binary_version":"5.12.1-3","binary_name":"sogo-activesync"},{"binary_name":"sogo-common","binary_version":"5.12.1-3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-6189.json"}},{"package":{"name":"sogo","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/sogo?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.12.1-3","5.12.4-1","5.12.4-1.1","5.12.4-1.2"],"ecosystem_specific":{"binaries":[{"binary_version":"5.12.4-1.2","binary_name":"sogo"},{"binary_version":"5.12.4-1.2","binary_name":"sogo-activesync"},{"binary_version":"5.12.4-1.2","binary_name":"sogo-common"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-6189.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"type":"Ubuntu","score":"low"}]}