Log Handling Vulnerability in BlackBerry Enterprise Services
CVE-2014-1467

Currently unrated

Key Information:

Vendor: Blackberry
Status: Enterprise Server; Blackberry Enterprise Service; Enterprise Server Express; Blackberry Universal Device Service
Vendor: CVE Published:; 14 February 2014

What is CVE-2014-1467?

The vulnerability in BlackBerry Enterprise Services allows unauthorized access to sensitive information due to insecure log handling practices. Affected versions log cleartext credentials during exception handling, which could enable attackers to read log files and obtain sensitive data. Users of BlackBerry Enterprise Service 10, Universal Device Service, and various Enterprise Server products need to be aware of this issue to protect their information from potential exploitation.

References

http://www.blackberry.com/btsc/KB35647

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 14, 2014
Vulnerability Reserved
Jan 15, 2014

Blackberry

What is CVE-2014-1467?

References

Timeline