cnvd - cnvd-2019-39171

CNVD-2019-39171

Vulnerability from cnvd - Published: 2019-11-05

Title

BlackBerry Unified Endpoint Manager跨站脚本漏洞

Description

BlackBerry Unified Endpoint Manager（UEM）是加拿大黑莓（BlackBerry）公司的一套统一端点管理解决方案。该方案用于管理终端设备并查看其访问情况。 BlackBerry UEM中存在安全漏洞。攻击者可利用该漏洞能够存储脚本命令，该脚本命令稍后可以在其他管理控制台管理员的上下文中执行。

Severity

低

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.blackberry.com/

Reference

https://vigilance.fr/vulnerability/BlackBerry-UEM-three-vulnerabilities-via-Management-Console-28057

Impacted products

Name
Blackberry Unified Endpoint Manager >12.10.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8888"
    }
  },
  "description": "BlackBerry Unified Endpoint Manager\uff08UEM\uff09\u662f\u52a0\u62ff\u5927\u9ed1\u8393\uff08BlackBerry\uff09\u516c\u53f8\u7684\u4e00\u5957\u7edf\u4e00\u7aef\u70b9\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u65b9\u6848\u7528\u4e8e\u7ba1\u7406\u7ec8\u7aef\u8bbe\u5907\u5e76\u67e5\u770b\u5176\u8bbf\u95ee\u60c5\u51b5\u3002\n\nBlackBerry UEM\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u80fd\u591f\u5b58\u50a8\u811a\u672c\u547d\u4ee4\uff0c\u8be5\u811a\u672c\u547d\u4ee4\u7a0d\u540e\u53ef\u4ee5\u5728\u5176\u4ed6\u7ba1\u7406\u63a7\u5236\u53f0\u7ba1\u7406\u5458\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.blackberry.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-39171",
  "openTime": "2019-11-05",
  "products": {
    "product": "Blackberry Unified Endpoint Manager \u003e12.10.0"
  },
  "referenceLink": "https://vigilance.fr/vulnerability/BlackBerry-UEM-three-vulnerabilities-via-Management-Console-28057",
  "serverity": "\u4f4e",
  "submitTime": "2018-12-21",
  "title": "BlackBerry Unified Endpoint Manager\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2018-8888 (GCVE-0-2018-8888)

Vulnerability from cvelistv5 – Published: 2018-12-20 20:00 – Updated: 2024-08-05 07:10

Summary

A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.

Severity ?

No CVSS data available.

CWE

Stored Cross-Site Scripting

Assigner

blackberry

References

URL

Tags

http://support.blackberry.com/kb/articleDetail?ar…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	BlackBerry	BlackBerry UEM	Affected: 12.9.1 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:10:46.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BlackBerry UEM",
          "vendor": "BlackBerry",
          "versions": [
            {
              "status": "affected",
              "version": "12.9.1 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2018-12-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Stored Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-20T19:57:01",
        "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "shortName": "blackberry"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@blackberry.com",
          "ID": "CVE-2018-8888",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BlackBerry UEM",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "12.9.1 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "BlackBerry"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Stored Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162",
              "refsource": "CONFIRM",
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
    "assignerShortName": "blackberry",
    "cveId": "CVE-2018-8888",
    "datePublished": "2018-12-20T20:00:00",
    "dateReserved": "2018-03-21T00:00:00",
    "dateUpdated": "2024-08-05T07:10:46.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-39171

CVE-2018-8888 (GCVE-0-2018-8888)

Tags

Sightings

Nomenclature