CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6933
https://notcve.org/view.php?id=CVE-2020-6933
14 Oct 2020 — An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service. Una vulnerabilidad de comprobación de entrada inapropiada en el UEM Core de BlackBerry UEM versiones 12.13.0, 12.12.1a QF2 (y anteriores) y 12.11.1 QF3 (y anteriores), podría permitir a un atacante causar potencialmente una Denegación de Servicio (DoS) del serv... • https://support.blackberry.com/kb/articleDetail?articleNumber=000068112 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8892
https://notcve.org/view.php?id=CVE-2018-8892
20 Dec 2018 — A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator. Una vulnerabilidad Cross-Site Request Forgery (CSRF) en la consola de gestión de BlackBerry UEM, en versiones anteriores a la 12.9.1, podría permitir que un atacante modifique las opciones de UEM en el contexto de un administrador de la consola. • http://support.blackberry.com/kb/articleDetail?articleNumber=000054162 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8888
https://notcve.org/view.php?id=CVE-2018-8888
20 Dec 2018 — A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator. Una vulnerabilidad Cross-Site Scripting (XSS) persistente en la consola de gestión de BlackBerry UEM, en versiones anteriores a la 12.10.0, podría permitir que un atacante almacene comandos script que podrían ejecutarse posteriormente en el contexto ... • http://support.blackberry.com/kb/articleDetail?articleNumber=000054162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8891
https://notcve.org/view.php?id=CVE-2018-8891
20 Dec 2018 — Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator. Múltiples vulnerabilidades Cross-Site Scripting (XSS) persistente en la consola de gestión de BlackBerry UEM, en versiones anteriores a la 12.9.1, podrían permitir que un atacante almacene comandos script que podrían ejecutarse posteriormente... • http://support.blackberry.com/kb/articleDetail?articleNumber=000054162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-8890
https://notcve.org/view.php?id=CVE-2018-8890
12 Oct 2018 — An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user. Una vulnerabilidad de divulgación de información en la consola de gestión de BlackBerry UEM 12.8.0 y 12.8.1 podría permitir que un atacante tome el control de una sesión de usuario UEM y realice acciones administrativas en el contexto del usuario. • http://support.blackberry.com/kb/articleDetail?articleNumber=000052161&language=en_US • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17442
https://notcve.org/view.php?id=CVE-2017-17442
13 Mar 2018 — In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link. En BlackBerry UEM Management Console, en versiones 12.7.1 y anteriores, existe una vulnerabilidad de Cross-Site Scripting (XSS) que podría permit... • http://support.blackberry.com/kb/articleDetail?articleNumber=000047227 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2017-3894
https://notcve.org/view.php?id=CVE-2017-3894
10 May 2017 — A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console. Una vulnerabilidad de tipo cross-site scripting almacenado en la Consola de Administración de Black... • http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000044565 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •