CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17442
https://notcve.org/view.php?id=CVE-2017-17442
In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link. En BlackBerry UEM Management Console, en versiones 12.7.1 y anteriores, existe una vulnerabilidad de Cross-Site Scripting (XSS) que podría permitir que un atacante ejecute comandos script en el contexto de la cuenta UEM Management Console afectada manipulando un enlace malicioso y persuadiendo a un usuario con acceso legítimo a la Management Console para que haga clic en el enlace malicioso. • http://support.blackberry.com/kb/articleDetail?articleNumber=000047227 https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000048073 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2017-3894
https://notcve.org/view.php?id=CVE-2017-3894
A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console. Una vulnerabilidad de tipo cross-site scripting almacenado en la Consola de Administración de BlackBerry Unified Endpoint Manager versión 12.6.1 y anteriores, y todas las versiones de BES12, permite a los atacantes ejecutar acciones en el contexto de un administrador de la Consola de Administración mediante la carga de un script malicioso y luego persuadiendo a un administrador destino para visualizar la ubicación específica del script malicioso dentro de la Consola de Administración. • http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000044565 http://www.securityfocus.com/bid/98552 http://www.securitytracker.com/id/1038465 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •