Cross-Site Scripting Vulnerabilities in BlackBerry Enterprise Server 12 Self-Service
CVE-2016-1915

6.1 MEDIUM

Key Information:

Vendor: BlackBerry
CVE Published: 13 April 2017

What is CVE-2016-1915?

BlackBerry Enterprise Server 12 Self-Service is susceptible to multiple cross-site scripting (XSS) vulnerabilities that permit remote attackers to inject arbitrary web script or HTML. The injection point is the locale parameter in requests to mydevice/index.jsp and mydevice/loggedOut.jsp. Such vulnerabilities can lead to unauthorized interception of sensitive data or compromise of user accounts, highlighting the need for immediate security measures and updates.

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
