Skip to main content

Blackberry Enterprise Service

5 CVEs product

Monthly

CVE-2016-1915 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Blackberry Enterprise Service
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
7.2%
CVE-2016-1914 HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Blackberry Enterprise Service
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.2%
CVE-2014-1469 MEDIUM PATCH This Month

BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Information Disclosure Blackberry Enterprise Service Enterprise Server Enterprise Server Express
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-1467 MEDIUM This Month

BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Blackberry Enterprise Service Blackberry Universal Device Service Enterprise Server +1
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-3693 HIGH This Week

The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which. Rated high severity (CVSS 7.9). No vendor patch available.

Privilege Escalation Blackberry Enterprise Service
NVD
CVSS 2.0
7.9
EPSS
0.3%
EPSS 7% CVSS 6.1
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Blackberry Enterprise Service
NVD Exploit-DB
EPSS 3% CVSS 8.8
HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Blackberry Enterprise Service
NVD Exploit-DB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity.

Information Disclosure Blackberry Enterprise Service Enterprise Server +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Blackberry Enterprise Service +3
NVD
EPSS 0% CVSS 7.9
HIGH This Week

The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which. Rated high severity (CVSS 7.9). No vendor patch available.

Privilege Escalation Blackberry Enterprise Service
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy