Directory Traversal Vulnerability in BlackBerry Enterprise Mobility Server
CVE-2018-8889

4.7MEDIUM

Key Information:

Vendor

Blackberry

Status
Blackberry Enterprise Mobility Server (bems)
Vendor
CVE Published:
19 September 2018

What is CVE-2018-8889?

A directory traversal flaw in the Connect Service of BlackBerry Enterprise Mobility Server (BEMS) allows attackers to access arbitrary files. By exploiting this vulnerability, an attacker with access to an administrative account can leverage this weakness to retrieve sensitive files, potentially compromising system security. This vulnerability affects versions 2.8.17.29 and earlier of BEMS, prompting necessary security measures to be taken to safeguard sensitive information.

Affected Version(s)

BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier

References

http://support.blackberry.com/kb/articleDetail?articleNum...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.