Cross-Site Scripting in BlackBerry Enterprise Server Management Console
CVE-2016-1917

6.1MEDIUM

Key Information:

Vendor: Blackberry
Status: Enterprise Server
Vendor: CVE Published:; 22 April 2016

What is CVE-2016-1917?

A cross-site scripting (XSS) vulnerability exists in the Management Console of BlackBerry Enterprise Server (BES) versions prior to 12.4.1. This flaw enables remote attackers to inject arbitrary web scripts or HTML into user sessions through specially crafted URLs. Successful exploitation can lead to exposure of sensitive information or unauthorized actions taken on behalf of users.

References

http://www.securitytracker.com/id/1035568

vdb-entryx_refsource_SECTRACK

http://www.blackberry.com/btsc/KB38118

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2016
Vulnerability Reserved
Jan 15, 2016

Blackberry

What is CVE-2016-1917?

References

CVSS V3.1

Timeline