Directory Traversal Vulnerability in BlackBerry Workspaces Server
CVE-2017-9367

9.8CRITICAL

Key Information:

Vendor: Blackberry
Status: Workspaces Server
Vendor: CVE Published:; 16 October 2017

What is CVE-2017-9367?

A directory traversal vulnerability exists in the BlackBerry Workspaces Server, allowing attackers to manipulate POST requests to execute or upload arbitrary files. This flaw can lead to unauthorized access to sensitive information by revealing the contents of files across the web server. If left unaddressed, it compromises the overall integrity of the server's data security.

Affected Version(s)

Workspaces Server BlackBerry Workspaces Server components Appliance-X 1.11.0 to 1.11.2, vApp versions 5.6.0 to 5.6.6, and vApp versions 5.5.9 and earlier

References

http://support.blackberry.com/kb/articleDetail?language=e...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 16, 2017
Vulnerability Reserved
Jun 2, 2017

Blackberry

What is CVE-2017-9367?

Affected Version(s)

References

CVSS V3.1

Timeline