Spoofing Vulnerability in BlackBerry Enterprise Server Core
CVE-2016-3128

8.2HIGH

Key Information:

Vendor

Blackberry

Status
BES12 versions through 12.5.2
Vendor
CVE Published:
13 January 2017

What is CVE-2016-3128?

A spoofing vulnerability in the Core component of BlackBerry Enterprise Server (BES) versions 12 through 12.5.2 enables remote attackers to enroll unauthorized devices onto the BES. This security flaw allows adversaries to gain access to sensitive device parameters of legitimate devices enrolled in the BES, as well as to transmit deceptive information back to the BES by exploiting specific details of those legitimate devices. Organizations using these versions of BES should take immediate action to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BES12 through 12.5.2 BES12 versions through 12.5.2

References

http://support.blackberry.com/kb/articleDetail?articleNum...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/95624
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037585
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.