Cross-Site Request Forgery in BlackBerry UEM Management Console
CVE-2018-8892

6.5MEDIUM

Key Information:

Vendor: Blackberry
Status: Blackberry Uem
Vendor: CVE Published:; 20 December 2018

What is CVE-2018-8892?

A cross-site request forgery (CSRF) vulnerability exists in the Management Console of BlackBerry UEM prior to version 12.9.1. This flaw allows attackers to execute unauthorized actions and make modifications to UEM settings as if they were an authenticated Management Console administrator. Proper security measures and immediate updates to the latest version are essential to protect against potential exploitation.

Affected Version(s)

BlackBerry UEM 12.9.0 and earlier

References

http://support.blackberry.com/kb/articleDetail?articleNum...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2018
Vulnerability Reserved
Mar 21, 2018

Blackberry

What is CVE-2018-8892?

Affected Version(s)

References

CVSS V3.1

Timeline