All the vulnerabilities related to blackberry - enterprise_server
Vulnerability from fkie_nvd (CVE-2014-1467)
Published
2014-02-14 13:10
Modified
2024-11-21 02:04
Summary
BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.blackberry.com/btsc/KB35647 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.blackberry.com/btsc/KB35647 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:blackberry:blackberry_enterprise_service:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA67ED1D-4044-49EE-A121-859BE0A1310E", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:blackberry_enterprise_service:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "42436FB4-EB59-4C5D-83F1-24157DFDE49F", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:blackberry_enterprise_service:10.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "BA706838-BCB8-412C-BA77-A000B7D2CA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:blackberry_enterprise_service:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "866EDC2E-6F3E-4A67-8148-C2A17604EDBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:blackberry_universal_device_service:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "23A14899-9C4B-413B-8368-B5D0F5C533F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:enterprise_server:*:mr6:*:*:*:exchange_server:*:*", "matchCriteriaId": "2DA556F9-46B9-45B5-9C9D-B26DACEDDB65", "versionEndIncluding": "5.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:enterprise_server:*:mr6:*:*:*:groupwise:*:*", "matchCriteriaId": "2FDAD19A-0945-42C6-8F4B-F55F5783B024", "versionEndIncluding": "5.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:enterprise_server:*:mr6:*:*:*:lotus_domino:*:*", "matchCriteriaId": "C0AAB4A4-0FD3-4BB5-BD3A-766EA82782FE", "versionEndIncluding": "5.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:enterprise_server_express:*:*:*:*:*:exchange_server:*:*", "matchCriteriaId": "9C651084-46B5-46D3-97CF-0A5F725118CA", "versionEndIncluding": "5.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:enterprise_server_express:*:*:*:*:*:lotus_domino:*:*", "matchCriteriaId": "C4ABF930-2D5B-4FA6-8043-28FE4686A14A", "versionEndIncluding": "5.0.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": 
"en", "value": "BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file." }, { "lang": "es", "value": "BlackBerry Enterprise Service 10 anterior a 10.2.1, Universal Device Service 6, Enterprise Server Express para Domino hasta 5.0.4, Enterprise Server Express for Exchange hasta 5.0.4, Enterprise Server para Domino hasta 5.0.4 MR6, Enterprise Server para Exchange hasta 5.0.4 MR6 y Enterprise Server para GroupWise hasta 5.0.4 MR6 registran credenciales en texto plano durante el manejo de excepciones, lo que podr\u00eda permitir a atacantes dependientes de contexto obtener informaci\u00f3n sensible mediante la lectura de un archivo de registro." 
} ], "id": "CVE-2014-1467", "lastModified": "2024-11-21T02:04:19.100", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-14T13:10:30.637", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.blackberry.com/btsc/KB35647" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.blackberry.com/btsc/KB35647" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-255" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2016-1918)
Published
2016-04-22 18:59
Modified
2024-11-21 02:47
Summary
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
blackberry | enterprise_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:blackberry:enterprise_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BD07BC9-0A0C-4563-A4CC-186134CAF50F", "versionEndIncluding": "12.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917." }, { "lang": "es", "value": "Vulnerabilidad de XSS en la Management Console en BlackBerry Enterprise Server (BES) 12 en versiones anteriores a 12.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada, una vulnerabilidad diferente a CVE-2016-1917." } ], "id": "CVE-2016-1918", "lastModified": "2024-11-21T02:47:21.280", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": 
"nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-22T18:59:04.317", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.blackberry.com/btsc/KB38118" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1035568" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.blackberry.com/btsc/KB38118" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035568" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2008-3246)
Published
2008-07-21 16:41
Modified
2024-11-21 00:48
Summary
Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
blackberry | enterprise_server | 4.1 | |
blackberry | enterprise_server | 4.1.3 | |
blackberry | enterprise_server | 4.1.4 | |
blackberry | enterprise_server | 4.1.5 | |
blackberry | unite | 1.0 | |
blackberry | unite | 1.0.1 | |
rim | blackberry_enterprise_server | 4.1.3 | |
rim | blackberry_enterprise_server | 4.1.4 | |
rim | blackberry_enterprise_server | 4.1.5 | |
rim | blackberry_enterprise_server_for_domino | * | |
rim | blackberry_enterprise_server_for_exchange | * | |
rim | blackberry_enterprise_server_for_novell_groupwise | * | |
rim | blackberry_unite | 1.0 | |
rim | blackberry_unite | 1.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:blackberry:enterprise_server:4.1:sp3:*:*:*:*:*:*", "matchCriteriaId": "1B8B0D10-A7DD-4D8A-B994-6A41FD7AA8C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:enterprise_server:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "014E79FB-0E10-4BEF-9618-F436A6CF3F57", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:enterprise_server:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "F7B0D729-6092-4A9C-ADE6-2D770417891F", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:enterprise_server:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "965CD573-84C1-4456-9C28-6FBD9B0596A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:unite:1.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "90B1FF3F-4FF8-409F-B93B-39423FD34CB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:unite:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D2A93A7-823C-48BF-A421-37524CF8DC68", "vulnerable": true }, { "criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E4BD344A-EE9C-4ECB-8CB1-35146FD6F056", "vulnerable": true }, { "criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "B1694E42-9AA5-4503-9714-CBDE388481A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "16F378AF-E25B-4D60-AF7E-9E6FB228BF1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:rim:blackberry_enterprise_server_for_domino:*:*:*:*:*:*:*:*", "matchCriteriaId": "C53C3B7A-7C80-478C-9D69-B9C22D84B48C", "vulnerable": true }, { "criteria": "cpe:2.3:a:rim:blackberry_enterprise_server_for_exchange:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A3B5350-5796-47F1-B2D1-E8AC86D28C3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:rim:blackberry_enterprise_server_for_novell_groupwise:*:*:*:*:*:*:*:*", "matchCriteriaId": "C218F357-9BA3-48E7-AD07-8E7A7B70ECAC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:rim:blackberry_unite:1.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "BB792C74-CD6A-4903-8D11-59B0393F74CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:rim:blackberry_unite:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3FF3712A-46BB-4DC1-947F-228EEF5DBAB9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment." }, { "lang": "es", "value": "Vulnerabilidad sin especificar en el componente PDF distiller en el BlackBerry Attachment Service en BlackBerry Unite! 1.0 SP1 (1.0.1) anterior a bundle 36 y BlackBerry Enterprise Server 4.1 SP3 (4.1.3) a la v4.1 SP5 (4.1.5), permite atacantes remotos asistidos por el usuario ejecutar c\u00f3digod e su elecci\u00f3n a trav\u00e9s de un fichero PDF adjunto manipulado." 
} ], "id": "CVE-2008-3246", "lastModified": "2024-11-21T00:48:47.880", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-07-21T16:41:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31092" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31141" }, { "source": "cve@mitre.org", "url": "http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html" }, { "source": "cve@mitre.org", "url": "http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/289235" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020505" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2108/references" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43840" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43843" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31092" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/289235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020505" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2108/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43840" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43843" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" }, { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2015-4112)
Published
2015-11-19 11:59
Modified
2024-11-21 02:30
Summary
The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
blackberry | enterprise_server | 12.0 | |
blackberry | enterprise_server | 12.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:blackberry:enterprise_server:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "84168B45-9DAB-4403-AA76-4A9F5590FC19", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:enterprise_server:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "E213D153-A8E7-428B-B60B-65E8AD47128A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a \"cross frame scripting\" issue." }, { "lang": "es", "value": "Management Console en BlackBerry Enterprise Server (BES) 12 en versiones anteriores a 12.2 no restringe adecuadamente el uso de elementos FRAME, lo que hace que sea mas f\u00e1cil para atacantes remotos llevar a cabo ataques de secuestro de clic a trav\u00e9s de un sitio web manipulado, relacionado a un problema \u0027cross frame scripting\u0027." 
} ], "id": "CVE-2015-4112", "lastModified": "2024-11-21T02:30:27.927", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-11-19T11:59:00.093", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.blackberry.com/btsc/KB37573" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1034154" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.blackberry.com/btsc/KB37573" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034154" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-254" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2014-1469)
Published
2014-08-18 11:15
Modified
2024-11-21 02:04
Summary
BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive information by reading the exception log file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
blackberry | blackberry_enterprise_service | 10.0 | |
blackberry | blackberry_enterprise_service | 10.1.0 | |
blackberry | blackberry_enterprise_service | 10.1.2 | |
blackberry | blackberry_enterprise_service | 10.2.0 | |
blackberry | blackberry_enterprise_service | 10.2.1 | |
blackberry | enterprise_server | * | |
blackberry | enterprise_server | * | |
blackberry | enterprise_server | * | |
blackberry | enterprise_server_express | 5.0.4 | |
blackberry | enterprise_server_express | 5.0.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:blackberry:blackberry_enterprise_service:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA67ED1D-4044-49EE-A121-859BE0A1310E", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:blackberry_enterprise_service:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "42436FB4-EB59-4C5D-83F1-24157DFDE49F", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:blackberry_enterprise_service:10.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "BA706838-BCB8-412C-BA77-A000B7D2CA8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:blackberry_enterprise_service:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "866EDC2E-6F3E-4A67-8148-C2A17604EDBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:blackberry_enterprise_service:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E9DD7005-7E51-48D2-A5AE-4411745D9ADA", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:enterprise_server:*:mr6:*:*:*:exchange_server:*:*", "matchCriteriaId": "2DA556F9-46B9-45B5-9C9D-B26DACEDDB65", "versionEndIncluding": "5.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:enterprise_server:*:mr6:*:*:*:groupwise:*:*", "matchCriteriaId": "2FDAD19A-0945-42C6-8F4B-F55F5783B024", "versionEndIncluding": "5.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:enterprise_server:*:mr6:*:*:*:lotus_domino:*:*", "matchCriteriaId": "C0AAB4A4-0FD3-4BB5-BD3A-766EA82782FE", "versionEndIncluding": "5.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:enterprise_server_express:5.0.4:*:*:*:*:exchange_server:*:*", "matchCriteriaId": "9ECE29AA-75D7-4288-9447-2753831F66B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:blackberry:enterprise_server_express:5.0.4:*:*:*:*:lotus_domino:*:*", "matchCriteriaId": "9A911907-56F0-41FD-97E0-065D8BD45607", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "BlackBerry Enterprise Server 5.x before 5.0.4 
MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive information by reading the exception log file." }, { "lang": "es", "value": "BlackBerry Enterprise Server 5.x anterior a 5.0.4 MR7 y Enterprise Service 10.x anterior a 10.2.2 registran las credenciales en texto plano durante el manejo de excepciones, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura del fichero del registro de excepciones." } ], "id": "CVE-2014-1469", "lastModified": "2024-11-21T02:04:19.250", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-08-18T11:15:25.387", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/60154" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.blackberry.com/btsc/KB36175" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/69211" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60154" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.blackberry.com/btsc/KB36175" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/69211" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95264" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2016-3126)
Published
2016-04-22 18:59
Modified
2024-11-21 02:49
Summary
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
blackberry | enterprise_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:blackberry:enterprise_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BD07BC9-0A0C-4563-A4CC-186134CAF50F", "versionEndIncluding": "12.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." }, { "lang": "es", "value": "Vulnerabilidad de XSS en la Management Console en BlackBerry Enterprise Server (BES) 12 en versiones anteriores a 12.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada." } ], "id": "CVE-2016-3126", "lastModified": "2024-11-21T02:49:25.797", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-22T18:59:07.177", "references": 
[ { "source": "secure@blackberry.com", "tags": [ "Vendor Advisory" ], "url": "http://www.blackberry.com/btsc/KB38119" }, { "source": "secure@blackberry.com", "url": "http://www.securitytracker.com/id/1035568" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.blackberry.com/btsc/KB38119" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035568" } ], "sourceIdentifier": "secure@blackberry.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2016-1917)
Published
2016-04-22 18:59
Modified
2024-11-21 02:47
Summary
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1918.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
blackberry | enterprise_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:blackberry:enterprise_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BD07BC9-0A0C-4563-A4CC-186134CAF50F", "versionEndIncluding": "12.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1918." }, { "lang": "es", "value": "Vulnerabilidad de XSS en la Management Console en BlackBerry Enterprise Server (BES) 12 en versiones anteriores a 12.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada, una vulnerabilidad diferente a CVE-2016-1918." } ], "id": "CVE-2016-1917", "lastModified": "2024-11-21T02:47:21.140", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": 
"nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-22T18:59:03.330", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.blackberry.com/btsc/KB38118" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1035568" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.blackberry.com/btsc/KB38118" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035568" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2016-1916)
Published
2016-04-22 18:59
Modified
2024-11-21 02:47
Summary
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
blackberry | enterprise_server | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:blackberry:enterprise_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BD07BC9-0A0C-4563-A4CC-186134CAF50F", "versionEndIncluding": "12.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen." }, { "lang": "es", "value": "Vulnerabilidad de XSS en la Management Console en BlackBerry Enterprise Server (BES) 12 en versiones anteriores a 12.4.1 permite a usuarios autenticados remotos inyectar secuencias de comandos web o HTML arbitrarios aprovechando acceso administrativo b\u00e1sico para crear una pol\u00edtica manipulada, dando lugar al renderizado incorrecto en una determinada pantalla Export IT." 
} ], "id": "CVE-2016-1916", "lastModified": "2024-11-21T02:47:21.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-22T18:59:02.003", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.blackberry.com/btsc/KB38117" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1035568" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.blackberry.com/btsc/KB38117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035568" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2014-1467
Vulnerability from cvelistv5
Published
2014-02-14 02:00
Modified
2024-08-06 09:42
Summary
BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file.
References
| URL | Tags |
|---|---|
| http://www.blackberry.com/btsc/KB35647 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:35.480Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.blackberry.com/btsc/KB35647" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-11T00:00:00", "descriptions": [ { "lang": "en", "value": "BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-02-14T02:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.blackberry.com/btsc/KB35647" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1467", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.blackberry.com/btsc/KB35647", "refsource": "CONFIRM", "url": "http://www.blackberry.com/btsc/KB35647" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1467", "datePublished": "2014-02-14T02:00:00", "dateReserved": "2014-01-15T00:00:00", "dateUpdated": "2024-08-06T09:42:35.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-3126
Vulnerability from cvelistv5
Published
2016-04-22 18:00
Modified
2024-08-05 23:47
Summary
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1035568 | vdb-entry, x_refsource_SECTRACK |
| http://www.blackberry.com/btsc/KB38119 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:47:57.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1035568", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035568" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.blackberry.com/btsc/KB38119" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-30T18:57:01", "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry" }, "references": [ { "name": "1035568", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035568" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.blackberry.com/btsc/KB38119" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@blackberry.com", "ID": "CVE-2016-3126", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a 
crafted URL." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1035568", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035568" }, { "name": "http://www.blackberry.com/btsc/KB38119", "refsource": "CONFIRM", "url": "http://www.blackberry.com/btsc/KB38119" } ] } } } }, "cveMetadata": { "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "assignerShortName": "blackberry", "cveId": "CVE-2016-3126", "datePublished": "2016-04-22T18:00:00", "dateReserved": "2016-03-11T00:00:00", "dateUpdated": "2024-08-05T23:47:57.214Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-3246
Vulnerability from cvelistv5
Published
2008-07-21 16:00
Modified
2024-08-07 09:28
Summary
Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/31141 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43843 | vdb-entry, x_refsource_XF |
| http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43840 | vdb-entry, x_refsource_XF |
| http://www.kb.cert.org/vuls/id/289235 | third-party-advisory, x_refsource_CERT-VN |
| http://www.securitytracker.com/id?1020505 | vdb-entry, x_refsource_SECTRACK |
| http://secunia.com/advisories/31092 | third-party-advisory, x_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2008/2108/references | vdb-entry, x_refsource_VUPEN |
| http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:28:41.826Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "31141", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31141" }, { "name": "blackberry-unite-pdf-code-execution(43843)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43843" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html" }, { "name": "blackberry-es-pdf-code-execution(43840)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43840" }, { "name": "VU#289235", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/289235" }, { "name": "1020505", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020505" }, { "name": "31092", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31092" }, { "name": "ADV-2008-2108", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2108/references" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-07-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 
1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "31141", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31141" }, { "name": "blackberry-unite-pdf-code-execution(43843)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43843" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html" }, { "name": "blackberry-es-pdf-code-execution(43840)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43840" }, { "name": "VU#289235", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/289235" }, { "name": "1020505", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020505" }, { "name": "31092", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31092" }, { "name": "ADV-2008-2108", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2108/references" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-3246", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] 
} }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "31141", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31141" }, { "name": "blackberry-unite-pdf-code-execution(43843)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43843" }, { "name": "http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html", "refsource": "CONFIRM", "url": "http://www.blackberry.com/btsc/articles/660/KB15766_f.SAL_Public.html" }, { "name": "blackberry-es-pdf-code-execution(43840)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43840" }, { "name": "VU#289235", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/289235" }, { "name": "1020505", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020505" }, { "name": "31092", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31092" }, { "name": "ADV-2008-2108", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2108/references" }, { "name": "http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html", "refsource": "CONFIRM", "url": "http://www.blackberry.com/btsc/articles/635/KB15770_f.SAL_Public.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-3246", "datePublished": "2008-07-21T16:00:00", "dateReserved": "2008-07-21T00:00:00", 
"dateUpdated": "2024-08-07T09:28:41.826Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-4112
Vulnerability from cvelistv5
Published
2015-11-19 11:00
Modified
2024-08-06 06:04
Summary
The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue.
References
| URL | Tags |
|---|---|
| http://www.blackberry.com/btsc/KB37573 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1034154 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:04:02.892Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.blackberry.com/btsc/KB37573" }, { "name": "1034154", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1034154" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a \"cross frame scripting\" issue." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.blackberry.com/btsc/KB37573" }, { "name": "1034154", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1034154" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-4112", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it 
easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a \"cross frame scripting\" issue." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.blackberry.com/btsc/KB37573", "refsource": "CONFIRM", "url": "http://www.blackberry.com/btsc/KB37573" }, { "name": "1034154", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034154" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-4112", "datePublished": "2015-11-19T11:00:00", "dateReserved": "2015-05-28T00:00:00", "dateUpdated": "2024-08-06T06:04:02.892Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1918
Vulnerability from cvelistv5
Published
2016-04-22 18:00
Modified
2024-08-05 23:10
Summary
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1035568 | vdb-entry, x_refsource_SECTRACK |
| http://www.blackberry.com/btsc/KB38118 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:10:40.377Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1035568", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035568" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.blackberry.com/btsc/KB38118" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-30T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1035568", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035568" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.blackberry.com/btsc/KB38118" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-1918", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject 
arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1035568", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035568" }, { "name": "http://www.blackberry.com/btsc/KB38118", "refsource": "CONFIRM", "url": "http://www.blackberry.com/btsc/KB38118" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1918", "datePublished": "2016-04-22T18:00:00", "dateReserved": "2016-01-15T00:00:00", "dateUpdated": "2024-08-05T23:10:40.377Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-1469
Vulnerability from cvelistv5
Published
2014-08-18 10:00
Modified
2024-08-06 09:42
Summary
BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive information by reading the exception log file.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/69211 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95264 | vdb-entry, x_refsource_XF |
| http://secunia.com/advisories/60154 | third-party-advisory, x_refsource_SECUNIA |
| http://www.blackberry.com/btsc/KB36175 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:35.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "69211", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/69211" }, { "name": "blackberry-cve20141469-info-disc(95264)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95264" }, { "name": "60154", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60154" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.blackberry.com/btsc/KB36175" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-08-12T00:00:00", "descriptions": [ { "lang": "en", "value": "BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive information by reading the exception log file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "69211", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/69211" }, { "name": "blackberry-cve20141469-info-disc(95264)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95264" }, { "name": "60154", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60154" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.blackberry.com/btsc/KB36175" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1469", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive information by reading the exception log file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "69211", "refsource": "BID", "url": "http://www.securityfocus.com/bid/69211" }, { "name": "blackberry-cve20141469-info-disc(95264)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95264" }, { "name": "60154", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60154" }, { "name": "http://www.blackberry.com/btsc/KB36175", "refsource": "CONFIRM", "url": "http://www.blackberry.com/btsc/KB36175" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1469", "datePublished": "2014-08-18T10:00:00", "dateReserved": "2014-01-15T00:00:00", "dateUpdated": "2024-08-06T09:42:35.361Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1917
Vulnerability from cvelistv5
Published
2016-04-22 18:00
Modified
2024-08-05 23:10
Summary
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1918.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1035568 | vdb-entry, x_refsource_SECTRACK |
| http://www.blackberry.com/btsc/KB38118 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:10:40.339Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1035568", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035568" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.blackberry.com/btsc/KB38118" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1918." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-30T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1035568", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035568" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.blackberry.com/btsc/KB38118" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-1917", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject 
arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1918." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1035568", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035568" }, { "name": "http://www.blackberry.com/btsc/KB38118", "refsource": "CONFIRM", "url": "http://www.blackberry.com/btsc/KB38118" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1917", "datePublished": "2016-04-22T18:00:00", "dateReserved": "2016-01-15T00:00:00", "dateUpdated": "2024-08-05T23:10:40.339Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1916
Vulnerability from cvelistv5
Published
2016-04-22 18:00
Modified
2024-08-05 23:10
Summary
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen.
References
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1035568 | vdb-entry, x_refsource_SECTRACK |
| http://www.blackberry.com/btsc/KB38117 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:10:40.263Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1035568", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1035568" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.blackberry.com/btsc/KB38117" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-30T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1035568", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1035568" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.blackberry.com/btsc/KB38117" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-1916", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry 
Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1035568", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035568" }, { "name": "http://www.blackberry.com/btsc/KB38117", "refsource": "CONFIRM", "url": "http://www.blackberry.com/btsc/KB38117" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1916", "datePublished": "2016-04-22T18:00:00", "dateReserved": "2016-01-15T00:00:00", "dateUpdated": "2024-08-05T23:10:40.263Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }