3 results (0.010 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code running under one of the system accounts listed in the configuration file to potentially issue privileged script commands. • https://support.blackberry.com/pkb/s/article/140220 • CWE-250: Execution with Unnecessary Privileges •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege. • https://support.blackberry.com/pkb/s/article/140220 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially enroll an attacker-controlled device to the victim’s account and telephone number. • https://support.blackberry.com/pkb/s/article/140220 • CWE-307: Improper Restriction of Excessive Authentication Attempts •