Search criteria
21 vulnerabilities found for unified_endpoint_manager by blackberry
FKIE_CVE-2020-6933
Vulnerability from fkie_nvd - Published: 2020-10-14 14:15 - Updated: 2024-11-21 05:36
Severity ?
Summary
An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service.
References
| URL | Tags | ||
|---|---|---|---|
| secure@blackberry.com | https://support.blackberry.com/kb/articleDetail?articleNumber=000068112 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.blackberry.com/kb/articleDetail?articleNumber=000068112 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | unified_endpoint_manager | * | |
| blackberry | unified_endpoint_manager | 12.11.1 | |
| blackberry | unified_endpoint_manager | 12.11.1 | |
| blackberry | unified_endpoint_manager | 12.11.1 | |
| blackberry | unified_endpoint_manager | 12.12.1a | |
| blackberry | unified_endpoint_manager | 12.12.1a | |
| blackberry | unified_endpoint_manager | 12.12.1a | |
| blackberry | unified_endpoint_manager | 12.13.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9197BCE1-1698-4C0F-B301-3BD441267E26",
"versionEndIncluding": "12.11.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_manager:12.11.1:quick_fix1:*:*:*:*:*:*",
"matchCriteriaId": "F0323EF9-32E5-4F4D-A254-D593842F87D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_manager:12.11.1:quick_fix2:*:*:*:*:*:*",
"matchCriteriaId": "7DF99522-759C-47E5-A9CD-E61635345C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_manager:12.11.1:quick_fix3:*:*:*:*:*:*",
"matchCriteriaId": "51510A04-FCAD-48AF-9C7F-503AF0351238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_manager:12.12.1a:-:*:*:*:*:*:*",
"matchCriteriaId": "2F252B50-9E50-4F09-9277-EF10D4B5A392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_manager:12.12.1a:quick_fix1:*:*:*:*:*:*",
"matchCriteriaId": "FECF0383-5A03-4ABB-842D-5C580B5F83CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_manager:12.12.1a:quick_fix2:*:*:*:*:*:*",
"matchCriteriaId": "6E0C0272-1F92-40B0-8F80-E1015A4FEDC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_manager:12.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD54C05-41CD-41A0-9D15-D626F5ECD702",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service."
},
{
"lang": "es",
"value": "Una vulnerabilidad de comprobaci\u00f3n de entrada inapropiada en el UEM Core de BlackBerry UEM versiones 12.13.0, 12.12.1a QF2 (y anteriores) y 12.11.1 QF3 (y anteriores), podr\u00eda permitir a un atacante causar potencialmente una Denegaci\u00f3n de Servicio (DoS) del servicio UEM Core"
}
],
"id": "CVE-2020-6933",
"lastModified": "2024-11-21T05:36:22.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-14T14:15:17.517",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000068112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000068112"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-8888
Vulnerability from fkie_nvd - Published: 2018-12-20 20:29 - Updated: 2024-11-21 04:14
Severity ?
Summary
A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
References
| URL | Tags | ||
|---|---|---|---|
| secure@blackberry.com | http://support.blackberry.com/kb/articleDetail?articleNumber=000054162 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.blackberry.com/kb/articleDetail?articleNumber=000054162 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | unified_endpoint_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22E95BF-AF47-4FF4-AA72-C78FC5FAD786",
"versionEndExcluding": "12.10.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
},
{
"lang": "es",
"value": "Una vulnerabilidad Cross-Site Scripting (XSS) persistente en la consola de gesti\u00f3n de BlackBerry UEM, en versiones anteriores a la 12.10.0, podr\u00eda permitir que un atacante almacene comandos script que podr\u00edan ejecutarse posteriormente en el contexto de otro administrador de la consola."
}
],
"id": "CVE-2018-8888",
"lastModified": "2024-11-21T04:14:31.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-20T20:29:00.403",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-8891
Vulnerability from fkie_nvd - Published: 2018-12-20 20:29 - Updated: 2024-11-21 04:14
Severity ?
Summary
Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
References
| URL | Tags | ||
|---|---|---|---|
| secure@blackberry.com | http://support.blackberry.com/kb/articleDetail?articleNumber=000054162 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.blackberry.com/kb/articleDetail?articleNumber=000054162 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | unified_endpoint_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0AFB64F-41FB-4D16-98BA-40F5F7B95C5E",
"versionEndExcluding": "12.9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades Cross-Site Scripting (XSS) persistente en la consola de gesti\u00f3n de BlackBerry UEM, en versiones anteriores a la 12.9.1, podr\u00edan permitir que un atacante almacene comandos script que podr\u00edan ejecutarse posteriormente en el contexto de otro administrador de la consola."
}
],
"id": "CVE-2018-8891",
"lastModified": "2024-11-21T04:14:32.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-20T20:29:00.433",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-8892
Vulnerability from fkie_nvd - Published: 2018-12-20 20:29 - Updated: 2024-11-21 04:14
Severity ?
Summary
A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator.
References
| URL | Tags | ||
|---|---|---|---|
| secure@blackberry.com | http://support.blackberry.com/kb/articleDetail?articleNumber=000054162 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.blackberry.com/kb/articleDetail?articleNumber=000054162 | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | unified_endpoint_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0AFB64F-41FB-4D16-98BA-40F5F7B95C5E",
"versionEndExcluding": "12.9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator."
},
{
"lang": "es",
"value": "Una vulnerabilidad Cross-Site Request Forgery (CSRF) en la consola de gesti\u00f3n de BlackBerry UEM, en versiones anteriores a la 12.9.1, podr\u00eda permitir que un atacante modifique las opciones de UEM en el contexto de un administrador de la consola."
}
],
"id": "CVE-2018-8892",
"lastModified": "2024-11-21T04:14:32.333",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-20T20:29:00.480",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-8890
Vulnerability from fkie_nvd - Published: 2018-10-12 13:29 - Updated: 2024-11-21 04:14
Severity ?
Summary
An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | unified_endpoint_manager | 12.8.0 | |
| blackberry | unified_endpoint_manager | 12.8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_manager:12.8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "DC739482-1785-4288-9BC4-A9E6718A4EF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_manager:12.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "602A1B13-921B-4C82-AE61-4D13C1C493C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user\u0027s session and perform administrative actions in the context of the user."
},
{
"lang": "es",
"value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la consola de gesti\u00f3n de BlackBerry UEM 12.8.0 y 12.8.1 podr\u00eda permitir que un atacante tome el control de una sesi\u00f3n de usuario UEM y realice acciones administrativas en el contexto del usuario."
}
],
"id": "CVE-2018-8890",
"lastModified": "2024-11-21T04:14:32.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-12T13:29:00.433",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000052161\u0026language=en_US"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000052161\u0026language=en_US"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-17442
Vulnerability from fkie_nvd - Published: 2018-03-13 18:29 - Updated: 2024-11-21 03:17
Severity ?
Summary
In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | unified_endpoint_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15FD68A5-5B9A-496C-A063-8EF2587E2063",
"versionEndIncluding": "12.7.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link."
},
{
"lang": "es",
"value": "En BlackBerry UEM Management Console, en versiones 12.7.1 y anteriores, existe una vulnerabilidad de Cross-Site Scripting (XSS) que podr\u00eda permitir que un atacante ejecute comandos script en el contexto de la cuenta UEM Management Console afectada manipulando un enlace malicioso y persuadiendo a un usuario con acceso leg\u00edtimo a la Management Console para que haga clic en el enlace malicioso."
}
],
"id": "CVE-2017-17442",
"lastModified": "2024-11-21T03:17:56.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-13T18:29:00.227",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Broken Link"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227"
},
{
"source": "nvd@nist.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000048073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-3894
Vulnerability from fkie_nvd - Published: 2017-05-10 16:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | enterprise_service | 12.0 | |
| blackberry | enterprise_service | 12.0.1 | |
| blackberry | enterprise_service | 12.1 | |
| blackberry | enterprise_service | 12.1.0 | |
| blackberry | enterprise_service | 12.1.1 | |
| blackberry | enterprise_service | 12.2.0 | |
| blackberry | enterprise_service | 12.2.1 | |
| blackberry | enterprise_service | 12.3.0 | |
| blackberry | enterprise_service | 12.3.1 | |
| blackberry | enterprise_service | 12.4.0 | |
| blackberry | enterprise_service | 12.4.1 | |
| blackberry | enterprise_service | 12.5.0 | |
| blackberry | enterprise_service | 12.5.1 | |
| blackberry | enterprise_service | 12.5.2 | |
| blackberry | unified_endpoint_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:enterprise_service:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56D736AE-2679-43E6-A281-F4F5D3A45B32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:enterprise_service:12.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6ED84DDD-A736-4990-AF43-B94974B04BAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:enterprise_service:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03F470B0-5E8E-43EE-9DE8-59EFF2466F90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:enterprise_service:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29E309B5-5F9E-4D8D-8A0A-49F3EB2B31A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:enterprise_service:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD293D26-C7BB-4F89-8B8B-18F96BCDABF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:enterprise_service:12.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0633AD14-B5CC-46EA-88EB-B39B1A32FB15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:enterprise_service:12.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6247B841-45B7-4CCE-A189-3EBFC8AB2003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:enterprise_service:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE5722D-E406-4EE1-B55A-15B6B36FCFDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:enterprise_service:12.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33F4B47B-A4AB-42E1-BDB6-A027B79CB3B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:enterprise_service:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42160112-F133-4377-9CBA-56B71AAF5678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:enterprise_service:12.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE0CC41-33D3-4102-84E8-22E2C70AD604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:enterprise_service:12.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "65F8998A-C7B7-41A0-8B1B-2C72132D49EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:enterprise_service:12.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0DFB57A-A2BF-4DE5-A25B-91D91159189F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:enterprise_service:12.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9576124A-433E-4CBC-944B-9C06D794F937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F99555CB-D274-4236-B47C-E60DD334F872",
"versionEndIncluding": "12.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting almacenado en la Consola de Administraci\u00f3n de BlackBerry Unified Endpoint Manager versi\u00f3n 12.6.1 y anteriores, y todas las versiones de BES12, permite a los atacantes ejecutar acciones en el contexto de un administrador de la Consola de Administraci\u00f3n mediante la carga de un script malicioso y luego persuadiendo a un administrador destino para visualizar la ubicaci\u00f3n espec\u00edfica del script malicioso dentro de la Consola de Administraci\u00f3n."
}
],
"id": "CVE-2017-3894",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-05-10T16:29:00.150",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000044565"
},
{
"source": "secure@blackberry.com",
"url": "http://www.securityfocus.com/bid/98552"
},
{
"source": "secure@blackberry.com",
"url": "http://www.securitytracker.com/id/1038465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000044565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/98552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1038465"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-6933 (GCVE-0-2020-6933)
Vulnerability from cvelistv5 – Published: 2020-10-14 13:31 – Updated: 2024-08-04 09:18
VLAI?
Summary
An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service.
Severity ?
No CVSS data available.
CWE
- Improper input validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | BlackBerry UEM |
Affected:
BlackBerry UEM version 12.13.0 BlackBerry UEM version 12.12.1a QF2 and earlier BlackBerry UEM version 12.11.1 QF3 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000068112"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BlackBerry UEM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BlackBerry UEM version 12.13.0 BlackBerry UEM version 12.12.1a QF2 and earlier BlackBerry UEM version 12.11.1 QF3 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-14T13:31:17",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000068112"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2020-6933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BlackBerry UEM",
"version": {
"version_data": [
{
"version_value": "BlackBerry UEM version 12.13.0 BlackBerry UEM version 12.12.1a QF2 and earlier BlackBerry UEM version 12.11.1 QF3 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.blackberry.com/kb/articleDetail?articleNumber=000068112",
"refsource": "MISC",
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000068112"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2020-6933",
"datePublished": "2020-10-14T13:31:17",
"dateReserved": "2020-01-13T00:00:00",
"dateUpdated": "2024-08-04T09:18:02.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8888 (GCVE-0-2018-8888)
Vulnerability from cvelistv5 – Published: 2018-12-20 20:00 – Updated: 2024-08-05 07:10
VLAI?
Summary
A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
Severity ?
No CVSS data available.
CWE
- Stored Cross-Site Scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | BlackBerry UEM |
Affected:
12.9.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BlackBerry UEM",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "12.9.1 and earlier"
}
]
}
],
"datePublic": "2018-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T19:57:01",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2018-8888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BlackBerry UEM",
"version": {
"version_data": [
{
"version_value": "12.9.1 and earlier"
}
]
}
}
]
},
"vendor_name": "BlackBerry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2018-8888",
"datePublished": "2018-12-20T20:00:00",
"dateReserved": "2018-03-21T00:00:00",
"dateUpdated": "2024-08-05T07:10:46.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8891 (GCVE-0-2018-8891)
Vulnerability from cvelistv5 – Published: 2018-12-20 20:00 – Updated: 2024-08-05 07:10
VLAI?
Summary
Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
Severity ?
No CVSS data available.
CWE
- Stored Cross-Site Scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | BlackBerry UEM |
Affected:
12.9.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BlackBerry UEM",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "12.9.0 and earlier"
}
]
}
],
"datePublic": "2018-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T19:57:01",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2018-8891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BlackBerry UEM",
"version": {
"version_data": [
{
"version_value": "12.9.0 and earlier"
}
]
}
}
]
},
"vendor_name": "BlackBerry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2018-8891",
"datePublished": "2018-12-20T20:00:00",
"dateReserved": "2018-03-21T00:00:00",
"dateUpdated": "2024-08-05T07:10:46.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8892 (GCVE-0-2018-8892)
Vulnerability from cvelistv5 – Published: 2018-12-20 20:00 – Updated: 2024-08-05 07:10
VLAI?
Summary
A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator.
Severity ?
No CVSS data available.
CWE
- Cross-Site Request Forgery
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | BlackBerry UEM |
Affected:
12.9.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BlackBerry UEM",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "12.9.0 and earlier"
}
]
}
],
"datePublic": "2018-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T19:57:01",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2018-8892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BlackBerry UEM",
"version": {
"version_data": [
{
"version_value": "12.9.0 and earlier"
}
]
}
}
]
},
"vendor_name": "BlackBerry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2018-8892",
"datePublished": "2018-12-20T20:00:00",
"dateReserved": "2018-03-21T00:00:00",
"dateUpdated": "2024-08-05T07:10:46.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8890 (GCVE-0-2018-8890)
Vulnerability from cvelistv5 – Published: 2018-10-12 13:00 – Updated: 2024-09-16 16:14
VLAI?
Summary
An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | UEM |
Affected:
12.8.0 and 12.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000052161\u0026language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UEM",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "12.8.0 and 12.8.1"
}
]
}
],
"datePublic": "2018-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user\u0027s session and perform administrative actions in the context of the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T12:57:01",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000052161\u0026language=en_US"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"DATE_PUBLIC": "2018-10-09T00:00:00",
"ID": "CVE-2018-8890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UEM",
"version": {
"version_data": [
{
"version_value": "12.8.0 and 12.8.1"
}
]
}
}
]
},
"vendor_name": "BlackBerry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user\u0027s session and perform administrative actions in the context of the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000052161\u0026language=en_US",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000052161\u0026language=en_US"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2018-8890",
"datePublished": "2018-10-12T13:00:00Z",
"dateReserved": "2018-03-21T00:00:00",
"dateUpdated": "2024-09-16T16:14:12.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17442 (GCVE-0-2017-17442)
Vulnerability from cvelistv5 – Published: 2018-03-13 18:00 – Updated: 2024-09-17 03:07
VLAI?
Summary
In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link.
Severity ?
No CVSS data available.
CWE
- Reflected cross-site scripting vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | UEM Management Console |
Affected:
12.7.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:31.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UEM Management Console",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "12.7.1 and earlier"
}
]
}
],
"datePublic": "2018-03-13T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link.\u003c/p\u003e"
}
],
"value": "In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected cross-site scripting vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-07T18:53:42.307Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"DATE_PUBLIC": "2018-03-13T00:00:00",
"ID": "CVE-2017-17442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UEM Management Console",
"version": {
"version_data": [
{
"version_value": "12.7.1 and earlier"
}
]
}
}
]
},
"vendor_name": "BlackBerry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2017-17442",
"datePublished": "2018-03-13T18:00:00Z",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-09-17T03:07:25.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3894 (GCVE-0-2017-3894)
Vulnerability from cvelistv5 – Published: 2017-05-10 16:00 – Updated: 2024-08-05 14:39
VLAI?
Summary
A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| BlackBerry | Unified Endpoint Manager |
Affected:
before 12.6.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98552"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000044565"
},
{
"name": "1038465",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038465"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Unified Endpoint Manager",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "before 12.6.2"
}
]
},
{
"product": "BES12",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"name": "98552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98552"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000044565"
},
{
"name": "1038465",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038465"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2017-3894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Unified Endpoint Manager",
"version": {
"version_data": [
{
"version_value": "before 12.6.2"
}
]
}
},
{
"product_name": "BES12",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "BlackBerry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98552"
},
{
"name": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000044565",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000044565"
},
{
"name": "1038465",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038465"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2017-3894",
"datePublished": "2017-05-10T16:00:00",
"dateReserved": "2016-12-21T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6933 (GCVE-0-2020-6933)
Vulnerability from nvd – Published: 2020-10-14 13:31 – Updated: 2024-08-04 09:18
VLAI?
Summary
An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service.
Severity ?
No CVSS data available.
CWE
- Improper input validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | BlackBerry UEM |
Affected:
BlackBerry UEM version 12.13.0 BlackBerry UEM version 12.12.1a QF2 and earlier BlackBerry UEM version 12.11.1 QF3 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000068112"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BlackBerry UEM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "BlackBerry UEM version 12.13.0 BlackBerry UEM version 12.12.1a QF2 and earlier BlackBerry UEM version 12.11.1 QF3 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper input validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-14T13:31:17",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000068112"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2020-6933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BlackBerry UEM",
"version": {
"version_data": [
{
"version_value": "BlackBerry UEM version 12.13.0 BlackBerry UEM version 12.12.1a QF2 and earlier BlackBerry UEM version 12.11.1 QF3 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.blackberry.com/kb/articleDetail?articleNumber=000068112",
"refsource": "MISC",
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000068112"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2020-6933",
"datePublished": "2020-10-14T13:31:17",
"dateReserved": "2020-01-13T00:00:00",
"dateUpdated": "2024-08-04T09:18:02.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8888 (GCVE-0-2018-8888)
Vulnerability from nvd – Published: 2018-12-20 20:00 – Updated: 2024-08-05 07:10
VLAI?
Summary
A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
Severity ?
No CVSS data available.
CWE
- Stored Cross-Site Scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | BlackBerry UEM |
Affected:
12.9.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BlackBerry UEM",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "12.9.1 and earlier"
}
]
}
],
"datePublic": "2018-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T19:57:01",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2018-8888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BlackBerry UEM",
"version": {
"version_data": [
{
"version_value": "12.9.1 and earlier"
}
]
}
}
]
},
"vendor_name": "BlackBerry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2018-8888",
"datePublished": "2018-12-20T20:00:00",
"dateReserved": "2018-03-21T00:00:00",
"dateUpdated": "2024-08-05T07:10:46.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8891 (GCVE-0-2018-8891)
Vulnerability from nvd – Published: 2018-12-20 20:00 – Updated: 2024-08-05 07:10
VLAI?
Summary
Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
Severity ?
No CVSS data available.
CWE
- Stored Cross-Site Scripting
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | BlackBerry UEM |
Affected:
12.9.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BlackBerry UEM",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "12.9.0 and earlier"
}
]
}
],
"datePublic": "2018-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T19:57:01",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2018-8891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BlackBerry UEM",
"version": {
"version_data": [
{
"version_value": "12.9.0 and earlier"
}
]
}
}
]
},
"vendor_name": "BlackBerry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2018-8891",
"datePublished": "2018-12-20T20:00:00",
"dateReserved": "2018-03-21T00:00:00",
"dateUpdated": "2024-08-05T07:10:46.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8892 (GCVE-0-2018-8892)
Vulnerability from nvd – Published: 2018-12-20 20:00 – Updated: 2024-08-05 07:10
VLAI?
Summary
A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator.
Severity ?
No CVSS data available.
CWE
- Cross-Site Request Forgery
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | BlackBerry UEM |
Affected:
12.9.0 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BlackBerry UEM",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "12.9.0 and earlier"
}
]
}
],
"datePublic": "2018-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T19:57:01",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2018-8892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BlackBerry UEM",
"version": {
"version_data": [
{
"version_value": "12.9.0 and earlier"
}
]
}
}
]
},
"vendor_name": "BlackBerry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2018-8892",
"datePublished": "2018-12-20T20:00:00",
"dateReserved": "2018-03-21T00:00:00",
"dateUpdated": "2024-08-05T07:10:46.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8890 (GCVE-0-2018-8890)
Vulnerability from nvd – Published: 2018-10-12 13:00 – Updated: 2024-09-16 16:14
VLAI?
Summary
An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user.
Severity ?
No CVSS data available.
CWE
- Information disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | UEM |
Affected:
12.8.0 and 12.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000052161\u0026language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UEM",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "12.8.0 and 12.8.1"
}
]
}
],
"datePublic": "2018-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user\u0027s session and perform administrative actions in the context of the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T12:57:01",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000052161\u0026language=en_US"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"DATE_PUBLIC": "2018-10-09T00:00:00",
"ID": "CVE-2018-8890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UEM",
"version": {
"version_data": [
{
"version_value": "12.8.0 and 12.8.1"
}
]
}
}
]
},
"vendor_name": "BlackBerry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user\u0027s session and perform administrative actions in the context of the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000052161\u0026language=en_US",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000052161\u0026language=en_US"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2018-8890",
"datePublished": "2018-10-12T13:00:00Z",
"dateReserved": "2018-03-21T00:00:00",
"dateUpdated": "2024-09-16T16:14:12.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17442 (GCVE-0-2017-17442)
Vulnerability from nvd – Published: 2018-03-13 18:00 – Updated: 2024-09-17 03:07
VLAI?
Summary
In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link.
Severity ?
No CVSS data available.
CWE
- Reflected cross-site scripting vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| BlackBerry | UEM Management Console |
Affected:
12.7.1 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:51:31.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UEM Management Console",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "12.7.1 and earlier"
}
]
}
],
"datePublic": "2018-03-13T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link.\u003c/p\u003e"
}
],
"value": "In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected cross-site scripting vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-07T18:53:42.307Z",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"DATE_PUBLIC": "2018-03-13T00:00:00",
"ID": "CVE-2017-17442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UEM Management Console",
"version": {
"version_data": [
{
"version_value": "12.7.1 and earlier"
}
]
}
}
]
},
"vendor_name": "BlackBerry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2017-17442",
"datePublished": "2018-03-13T18:00:00Z",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-09-17T03:07:25.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-3894 (GCVE-0-2017-3894)
Vulnerability from nvd – Published: 2017-05-10 16:00 – Updated: 2024-08-05 14:39
VLAI?
Summary
A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| BlackBerry | Unified Endpoint Manager |
Affected:
before 12.6.2
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:39:41.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "98552",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98552"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000044565"
},
{
"name": "1038465",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038465"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Unified Endpoint Manager",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "before 12.6.2"
}
]
},
{
"product": "BES12",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2017-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-07T09:57:01",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"name": "98552",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98552"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000044565"
},
{
"name": "1038465",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038465"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2017-3894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Unified Endpoint Manager",
"version": {
"version_data": [
{
"version_value": "before 12.6.2"
}
]
}
},
{
"product_name": "BES12",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "BlackBerry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98552"
},
{
"name": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000044565",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000044565"
},
{
"name": "1038465",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038465"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2017-3894",
"datePublished": "2017-05-10T16:00:00",
"dateReserved": "2016-12-21T00:00:00",
"dateUpdated": "2024-08-05T14:39:41.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}