Cross-Site Scripting Vulnerability in BlackBerry Enterprise Server Management Console
CVE-2016-1918

6.1MEDIUM

Key Information:

Vendor: Blackberry
Status: Enterprise Server
Vendor: CVE Published:; 22 April 2016

What is CVE-2016-1918?

A cross-site scripting vulnerability exists in the Management Console of BlackBerry Enterprise Server 12 prior to version 12.4.1. This flaw allows remote attackers to inject malicious web scripts or HTML by crafting a specially designed URL. This could potentially lead to unauthorized actions being performed in the context of the affected user's session.

References

http://www.securitytracker.com/id/1035568

vdb-entryx_refsource_SECTRACK

http://www.blackberry.com/btsc/KB38118

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2016
Vulnerability Reserved
Jan 15, 2016

Blackberry

What is CVE-2016-1918?

References

CVSS V3.1

Timeline