SQL Injection Vulnerabilities in BlackBerry Enterprise Server 12 Self-Service
CVE-2016-1914
8.8 HIGH
What is CVE-2016-1914?
BlackBerry Enterprise Server 12 Self-Service versions prior to 12.4 contain multiple SQL injection vulnerabilities in the ImageServlet component. These vulnerabilities allow remote attackers to execute arbitrary SQL commands through manipulation of the imageName parameter across various endpoints. Specifically, the affected endpoints include mydevice/client/image, admin/client/image, myapps/client/image, ssam/client/image, and all/client/image, potentially compromising the integrity of the server's database.
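A log check for the endpoints and parameter named above, as an added example that is not BlackBerry's code or part of the original advisory: it flags requests to the five image endpoints whose decoded imageName falls outside a conservative file-name allowlist. The combined access-log format, the /portal path prefix, the allowlist pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints named in the advisory for CVE-2016-1914.
ENDPOINTS = (
    "mydevice/client/image",
    "admin/client/image",
    "myapps/client/image",
    "ssam/client/image",
    "all/client/image",
)
# Assumption: legitimate image names are plain file names.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,128}")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_image_requests(log_lines):
    """Return (line_number, endpoint, decoded imageName) for each request to an
    affected endpoint whose imageName falls outside the allowlist."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        path = url.path.rstrip("/")
        endpoint = next((e for e in ENDPOINTS if path.endswith("/" + e)), None)
        if endpoint is None:
            continue
        # parse_qs percent-decodes values; keep blanks so empty names are seen.
        for name in parse_qs(url.query, keep_blank_values=True).get("imageName", []):
            if not SAFE_NAME.fullmatch(name):
                hits.append((lineno, endpoint, name))
    return hits

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Feb/2016:09:14:02 +0000] "GET /portal/mydevice/client/image?imageName=logo.png HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/Feb/2016:09:14:05 +0000] "GET /portal/admin/client/image?imageName=logo.png%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/Feb/2016:09:14:09 +0000] "GET /portal/help/index.html?imageName=a%27b HTTP/1.1" 200 812',
    '198.51.100.9 - - [10/Feb/2016:09:14:11 +0000] "GET /portal/all/client/image?imageName= HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for hit in suspicious_image_requests(SAMPLE_LOG):
        print(hit)
```

Only query-string values appear in access logs, so a parameter sent in a request body would need inspection at a proxy or WAF instead.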