CVE-2022-4556

Publication date 16 December 2022

Last updated 30 May 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

3.5 · Low

Score breakdown

A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function _migrateMailIdentities of the file SoObjects/SOGo/SOGoUserDefaults.m of the component Identity Handler. The manipulation of the argument fullName leads to cross site scripting. The attack may be launched remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is efac49ae91a4a325df9931e78e543f707a0f8e5e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215960.

Status

Package Ubuntu Release Status
sogo 25.04 plucky
Not affected
24.10 oracular
Not affected
24.04 LTS noble Not in release
23.10 mantic
Not affected
23.04 lunar
Not affected
22.10 kinetic Ignored end of life, was needs-triage
22.04 LTS jammy
Needs evaluation
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial
Needs evaluation
14.04 LTS trusty Ignored end of standard support

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
sogo

Severity score breakdown

Parameter Value
Base score 3.5 · Low
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Scope Unchanged
Confidentiality None
Integrity impact Low
Availability impact None
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N