ID CVE-2016-3128
Summary A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES.
References
Vulnerable Configurations
  • cpe:2.3:a:blackberry:enterprise_service:12.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:blackberry:enterprise_service:12.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:blackberry:enterprise_service:12.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:blackberry:enterprise_service:12.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:blackberry:enterprise_service:12.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:blackberry:enterprise_service:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:blackberry:enterprise_service:12.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:blackberry:enterprise_service:12.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:blackberry:enterprise_service:12.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:blackberry:enterprise_service:12.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:blackberry:enterprise_service:12.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:blackberry:enterprise_service:12.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:blackberry:enterprise_service:12.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:blackberry:enterprise_service:12.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:blackberry:enterprise_service:12.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:blackberry:enterprise_service:12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:blackberry:enterprise_service:12.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:blackberry:enterprise_service:12.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:blackberry:enterprise_service:12.5.0a:*:*:*:*:*:*:*
    cpe:2.3:a:blackberry:enterprise_service:12.5.0a:*:*:*:*:*:*:*
  • cpe:2.3:a:blackberry:enterprise_service:12.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:blackberry:enterprise_service:12.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:blackberry:enterprise_service:12.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:blackberry:enterprise_service:12.5.2:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 20-01-2017 - 02:59)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
bid 95624
confirm http://support.blackberry.com/kb/articleDetail?articleNumber=000038913
sectrack 1037585
Last major update 20-01-2017 - 02:59
Published 13-01-2017 - 09:59
Last modified 20-01-2017 - 02:59
Back to Top