Skip to main content

Blackberry Enterprise Service CVE-2013-3693

HIGH
Permissions, Privileges, and Access Controls (CWE-264)
2013-10-11 cve@mitre.org
7.9
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.9 HIGH
AV:A/AC:M/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:A/AC:M/Au:N/C:C/I:C/A:C
Attack Vector
Adjacent
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Oct 11, 2013 - 22:55 cve.org
HIGH 7.9

DescriptionCVE.org

The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098.

AnalysisAI

The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which. Rated high severity (CVSS 7.9). No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-264. The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098. Affected products include: Blackberry Blackberry Enterprise Service. Version information: through 10.1.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2013-3693 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy