Stored Cross-Site Scripting Vulnerability in BlackBerry Unified Endpoint Manager
CVE-2017-3894

6.1 MEDIUM

Key Information:

Vendor: BlackBerry
CVE Published: 10 May 2017

What is CVE-2017-3894?

A stored cross-site scripting vulnerability exists in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and in all versions of BES12. By uploading a malicious script, an attacker can gain unauthorized access and execute arbitrary actions within the context of an administrator's session. If an affected administrator inadvertently views the location where the malicious script is stored, the attacker could exploit the vulnerability to manipulate the Management Console and potentially compromise sensitive information.

Affected Version(s)

BES12 all versions

Unified Endpoint Manager before 12.6.2

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
