Information Disclosure Vulnerability in BlackBerry Enterprise Server Products
CVE-2014-1469

Currently unrated

Key Information:

Vendor: Blackberry
Status: Enterprise Server; Enterprise Server Express; Blackberry Enterprise Service
Vendor: CVE Published:; 18 August 2014

What is CVE-2014-1469?

An information disclosure vulnerability exists in BlackBerry Enterprise Server versions prior to 5.0.4 MR7 and Enterprise Service prior to 10.2.2, where cleartext credentials are logged during exception handling. This flaw allows local users to access sensitive information by reading the exception log file, potentially leading to unauthorized access and further exploitation of the system.

References

http://www.securityfocus.com/bid/69211

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/95264

vdb-entryx_refsource_XF

http://secunia.com/advisories/60154

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2014
Vulnerability Reserved
Jan 15, 2014

Blackberry

What is CVE-2014-1469?

References

Timeline