CVE-2016-1914 – BlackBerry Enterprise Service < 12.4 (BES12) Self-Service - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1914
Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image. The same advisory reports that BlackBerry Enterprise Service 12 (BES12) Self-Service suffers from both cross-site scripting and remote SQL injection vulnerabilities; the XSS issues are tracked separately as CVE-2016-1915.
References:
  https://www.exploit-db.com/exploits/39481
  http://seclists.org/fulldisclosure/2016/Feb/95
  http://security-assessment.com/files/documents/advisory/Blackberry%20BES12%20Self-Service%20Multiple%20Vulnerabilities.pdf
  http://support.blackberry.com/kb/articleDetail?articleNumber=000038033
  http://www.securitytracker.com/id/1035095
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-1915 – BlackBerry Enterprise Service < 12.4 (BES12) Self-Service - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-1915
Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp. The same advisory reports that BlackBerry Enterprise Service 12 (BES12) Self-Service suffers from both cross-site scripting and remote SQL injection vulnerabilities; the SQL injection issues are tracked separately as CVE-2016-1914.
References:
  https://www.exploit-db.com/exploits/39481
  http://seclists.org/fulldisclosure/2016/Feb/95
  http://security-assessment.com/files/documents/advisory/Blackberry%20BES12%20Self-Service%20Multiple%20Vulnerabilities.pdf
  http://support.blackberry.com/kb/articleDetail?articleNumber=000038033
  http://www.securitytracker.com/id/1035095
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
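Both CVE-2016-1914 and CVE-2016-1915 are reached through a single GET parameter on a short, fixed list of Self-Service paths, which makes exploitation attempts easy to pick out of web-server access logs. The script below is an added example, not code from notcve.org, BlackBerry, or the advisory authors: it parses common-log-format lines and flags requests to the five image endpoints whose imageName value carries SQL metacharacters, and requests to the two JSPs whose locale value carries HTML or script markers. The log lines, client addresses and the heuristic patterns are constructed for illustration; the web-root prefix in front of the advisory's relative paths varies per deployment, so paths are matched as suffixes.

```python
"""
Added example, not code from notcve.org, BlackBerry, or the advisory authors:
access-log triage for the BES12 Self-Service endpoints named in
CVE-2016-1914 (SQL injection through imageName) and CVE-2016-1915
(XSS through locale).  Log lines, addresses and patterns are constructed.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Endpoints taken from the advisory text, matched as path suffixes because
# the web-root prefix in front of them is deployment specific.
SQLI_ENDPOINTS = (
    "/mydevice/client/image", "/admin/client/image", "/myapps/client/image",
    "/ssam/client/image", "/all/client/image",
)
XSS_ENDPOINTS = ("/mydevice/index.jsp", "/mydevice/loggedOut.jsp")

# Coarse heuristics: a legitimate image name or locale tag never needs these.
SQLI_RE = re.compile(r"""['";]|--|/\*|\b(union|select|sleep|waitfor)\b""", re.I)
XSS_RE = re.compile(r"""[<>]|javascript:|\bon[a-z]+\s*=""", re.I)

# Common/combined log format: client ident user [time] "METHOD target proto" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([A-Z]+) (\S+) [^"]*" (\d{3})')


def classify(line):
    """Return (cve, client, path, decoded value) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, _method, target, _status = m.groups()
    parts = urlsplit(target)
    params = parse_qs(parts.query)  # parse_qs percent-decodes the values once
    if parts.path.endswith(SQLI_ENDPOINTS):
        for value in params.get("imageName", []):
            if SQLI_RE.search(value):
                return ("CVE-2016-1914", client, parts.path, value)
    if parts.path.endswith(XSS_ENDPOINTS):
        for value in params.get("locale", []):
            if XSS_RE.search(value):
                return ("CVE-2016-1915", client, parts.path, value)
    return None


def scan(lines):
    """Run classify() over an iterable of log lines and collect the hits."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log: two benign requests, one probe per CVE, and a
# quote-bearing request to an unrelated path that must not be flagged.
SAMPLE_LOG = [
    '10.0.0.5 - - [26/Feb/2016:10:00:01 +0000] "GET /mydevice/client/image?imageName=logo.png HTTP/1.1" 200 4120',
    '10.0.0.5 - - [26/Feb/2016:10:00:02 +0000] "GET /mydevice/loggedOut.jsp?locale=fr_FR HTTP/1.1" 200 812',
    '198.51.100.7 - - [26/Feb/2016:10:03:14 +0000] "GET /ssam/client/image?imageName=logo.png%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 0',
    '198.51.100.7 - - [26/Feb/2016:10:03:20 +0000] "GET /mydevice/index.jsp?locale=en_US%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 9031',
    '10.0.0.9 - - [26/Feb/2016:10:04:00 +0000] "GET /other/app?imageName=it%27s.png HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for cve, client, path, value in scan(SAMPLE_LOG):
        print(f"{cve}\t{client}\t{path}\t{value!r}")
```

Run it against real access logs by feeding the file's lines to scan(). The patterns are deliberately broad (a single quote in imageName is enough), because the value should only ever be an image file name or a locale tag; tune them down only if legitimate traffic on these exact paths turns out to use such characters. A 500 status paired with a hit, as in the constructed sample, is the combination most worth escalating, since it is what a blind-injection probe against the unpatched servlet would typically produce.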
CVE-2014-1469
https://notcve.org/view.php?id=CVE-2014-1469
BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive information by reading the exception log file.
References:
  http://secunia.com/advisories/60154
  http://www.blackberry.com/btsc/KB36175
  http://www.securityfocus.com/bid/69211
  https://exchange.xforce.ibmcloud.com/vulnerabilities/95264
CWE-310: Cryptographic Issues
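The defect class behind CVE-2014-1469 is an exception handler that dumps the request it was working on into a log without first scrubbing the credential fields it contains. The following is an added example and not BlackBerry's code: a login routine whose authentication step fails, written once in the vulnerable form and once with a redaction step applied before the record is formatted. The field names, the sample request and the exception message are constructed; the point is that the secret never reaches the logging call in the fixed version, so it cannot leak however the handler formats it.

```python
"""
Added example, not BlackBerry's code: an exception handler that logs the
request it was processing, first leaking the password (the CVE-2014-1469
pattern) and then with the credential fields masked before logging.
Field names and the sample request are constructed.
"""
import io
import logging

# Keys whose values must never be written to a log, compared case-insensitively.
SECRET_KEYS = {"password", "passwd", "pwd", "secret", "token"}


def redact(params):
    """Return a copy of params with credential-bearing values masked."""
    return {k: ("<redacted>" if k.lower() in SECRET_KEYS else v)
            for k, v in params.items()}


def authenticate(params):
    """Stand-in for the directory bind; it always fails so the handler runs."""
    raise ConnectionError("LDAP bind failed")


def _capture_logger(name):
    """Fresh logger writing to an in-memory buffer so the output can be inspected."""
    buf = io.StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    logger.addHandler(logging.StreamHandler(buf))
    return logger, buf


def login_vulnerable(params):
    """Logs the raw request on failure: the cleartext password lands in the log."""
    logger, buf = _capture_logger("bes.example.vulnerable")
    try:
        authenticate(params)
    except Exception as exc:
        logger.error("login failed for request %r: %s", params, exc)
    return buf.getvalue()


def login_fixed(params):
    """Same handler, but the record is built from the redacted copy."""
    logger, buf = _capture_logger("bes.example.fixed")
    try:
        authenticate(params)
    except Exception as exc:
        logger.error("login failed for request %r: %s", redact(params), exc)
    return buf.getvalue()


# Constructed sample request.
SAMPLE_REQUEST = {"username": "jdoe", "password": "Winter2014!", "domain": "corp"}

if __name__ == "__main__":
    print("vulnerable:", login_vulnerable(SAMPLE_REQUEST), end="")
    print("fixed:     ", login_fixed(SAMPLE_REQUEST), end="")
```

The fix is applied at the point where the data enters the log call rather than in the formatter, so it holds even when a later change passes the request object to a different handler. Because the advisory's threat is a local user reading the exception log, the redaction should be paired with restrictive permissions on the log directory and a check of any existing logs on affected BES 5.x and 10.x hosts for credentials that were written before the update.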