Cross-Site Scripting Vulnerability in BlackBerry Enterprise Server Management Console
CVE-2016-1916

5.4MEDIUM

Key Information:

Vendor: Blackberry
Status: Enterprise Server
Vendor: CVE Published:; 22 April 2016

What is CVE-2016-1916?

A Cross-Site Scripting (XSS) vulnerability exists in the Management Console of BlackBerry Enterprise Server versions prior to 12.4.1. This flaw allows remote authenticated users with basic administrative access to create a specially crafted policy. When changing settings on a specific Export IT screen, improper rendering can occur, potentially enabling the execution of arbitrary web scripts or HTML. Exploitation of this vulnerability could lead to unauthorized actions on behalf of users, jeopardizing user data and application integrity.

References

http://www.securitytracker.com/id/1035568

vdb-entryx_refsource_SECTRACK

http://www.blackberry.com/btsc/KB38117

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2016
Vulnerability Reserved
Jan 15, 2016

Blackberry

What is CVE-2016-1916?

References

CVSS V3.1

Timeline