CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2016-1914 – BlackBerry Enterprise Service < 12.4 (BES12) Self-Service - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1914
21 Feb 2016 — Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image. Varias vulnerabilidades de inyección de SQL en el servlet com.rim.mdm.ui.server.ImageServlet en BlackBerry Enterprise Server 12 (BES12) Self-Se... • https://packetstorm.news/files/id/135860 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2016-1915 – BlackBerry Enterprise Service < 12.4 (BES12) Self-Service - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1915
21 Feb 2016 — Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp. Varias vulnerabilidades de XSS en BlackBerry Enterprise Server 12 Self-Service en versiones anteriores a 12.4 permiten a los atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro local en mydevice/ndex.jsp o (2) mydevi... • https://packetstorm.news/files/id/135860 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-1469
https://notcve.org/view.php?id=CVE-2014-1469
18 Aug 2014 — BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive information by reading the exception log file. BlackBerry Enterprise Server 5.x anterior a 5.0.4 MR7 y Enterprise Service 10.x anterior a 10.2.2 registran las credenciales en texto plano durante el manejo de excepciones, lo que permite a usuarios locales obtener información sensible mediante la lectura del fichero del re... • http://secunia.com/advisories/60154 • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2014-1467
https://notcve.org/view.php?id=CVE-2014-1467
14 Feb 2014 — BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file. BlackBerry Enterprise Se... • http://www.blackberry.com/btsc/KB35647 • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-3693
https://notcve.org/view.php?id=CVE-2013-3693
11 Oct 2013 — The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098. El BlackBerry Universal Device Service en BlackBerry Enterprise Service (BES) 10.0 hasta 10.1.2 no restringe adecuadamente el interface JBoss Remote method Invocation (RMI), lo que permite a atacantes remotos subir y ejecutar... • http://btsc.webapps.blackberry.com/btsc/viewdocument.do%3Bjsessionid=1C7CE6911426BCFAF2A80C3834F4DF0F?externalId=KB35139&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl • CWE-264: Permissions, Privileges, and Access Controls •