CVE-2016-3129 - A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) impl

CVE-2016-3129

Summary

A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell.

References

http://support.blackberry.com/kb/articleDetail?articleNumber=000038814&language=None
http://www.securityfocus.com/bid/94959

Vulnerable Configurations

cpe:2.3:o:blackberry:good_enterprise_mobility_server:*:*:*:*:*:*:*:*
cpe:2.3:o:blackberry:good_enterprise_mobility_server:*:*:*:*:*:*:*:*

CVSS

Base:	8.5 (as of 22-12-2016 - 03:00)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:S/C:C/I:C/A:C

refmap via4

bid	94959
confirm	http://support.blackberry.com/kb/articleDetail?articleNumber=000038814&language=None

Last major update

22-12-2016 - 03:00

Published

16-12-2016 - 09:59

Last modified

22-12-2016 - 03:00