CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6933
https://notcve.org/view.php?id=CVE-2020-6933
An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service. Una vulnerabilidad de comprobación de entrada inapropiada en el UEM Core de BlackBerry UEM versiones 12.13.0, 12.12.1a QF2 (y anteriores) y 12.11.1 QF3 (y anteriores), podría permitir a un atacante causar potencialmente una Denegación de Servicio (DoS) del servicio UEM Core • https://support.blackberry.com/kb/articleDetail?articleNumber=000068112 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8892
https://notcve.org/view.php?id=CVE-2018-8892
A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator. Una vulnerabilidad Cross-Site Request Forgery (CSRF) en la consola de gestión de BlackBerry UEM, en versiones anteriores a la 12.9.1, podría permitir que un atacante modifique las opciones de UEM en el contexto de un administrador de la consola. • http://support.blackberry.com/kb/articleDetail?articleNumber=000054162 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8888
https://notcve.org/view.php?id=CVE-2018-8888
A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator. Una vulnerabilidad Cross-Site Scripting (XSS) persistente en la consola de gestión de BlackBerry UEM, en versiones anteriores a la 12.10.0, podría permitir que un atacante almacene comandos script que podrían ejecutarse posteriormente en el contexto de otro administrador de la consola. • http://support.blackberry.com/kb/articleDetail?articleNumber=000054162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8891
https://notcve.org/view.php?id=CVE-2018-8891
Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator. Múltiples vulnerabilidades Cross-Site Scripting (XSS) persistente en la consola de gestión de BlackBerry UEM, en versiones anteriores a la 12.9.1, podrían permitir que un atacante almacene comandos script que podrían ejecutarse posteriormente en el contexto de otro administrador de la consola. • http://support.blackberry.com/kb/articleDetail?articleNumber=000054162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-8890
https://notcve.org/view.php?id=CVE-2018-8890
An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user. Una vulnerabilidad de divulgación de información en la consola de gestión de BlackBerry UEM 12.8.0 y 12.8.1 podría permitir que un atacante tome el control de una sesión de usuario UEM y realice acciones administrativas en el contexto del usuario. • http://support.blackberry.com/kb/articleDetail?articleNumber=000052161&language=en_US • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •