CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-6933
https://notcve.org/view.php?id=CVE-2020-6933
An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service. Una vulnerabilidad de comprobación de entrada inapropiada en el UEM Core de BlackBerry UEM versiones 12.13.0, 12.12.1a QF2 (y anteriores) y 12.11.1 QF3 (y anteriores), podría permitir a un atacante causar potencialmente una Denegación de Servicio (DoS) del servicio UEM Core • https://support.blackberry.com/kb/articleDetail?articleNumber=000068112 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8892
https://notcve.org/view.php?id=CVE-2018-8892
A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator. Una vulnerabilidad Cross-Site Request Forgery (CSRF) en la consola de gestión de BlackBerry UEM, en versiones anteriores a la 12.9.1, podría permitir que un atacante modifique las opciones de UEM en el contexto de un administrador de la consola. • http://support.blackberry.com/kb/articleDetail?articleNumber=000054162 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8888
https://notcve.org/view.php?id=CVE-2018-8888
A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator. Una vulnerabilidad Cross-Site Scripting (XSS) persistente en la consola de gestión de BlackBerry UEM, en versiones anteriores a la 12.10.0, podría permitir que un atacante almacene comandos script que podrían ejecutarse posteriormente en el contexto de otro administrador de la consola. • http://support.blackberry.com/kb/articleDetail?articleNumber=000054162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8891
https://notcve.org/view.php?id=CVE-2018-8891
Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator. Múltiples vulnerabilidades Cross-Site Scripting (XSS) persistente en la consola de gestión de BlackBerry UEM, en versiones anteriores a la 12.9.1, podrían permitir que un atacante almacene comandos script que podrían ejecutarse posteriormente en el contexto de otro administrador de la consola. • http://support.blackberry.com/kb/articleDetail?articleNumber=000054162 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17442
https://notcve.org/view.php?id=CVE-2017-17442
In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link. En BlackBerry UEM Management Console, en versiones 12.7.1 y anteriores, existe una vulnerabilidad de Cross-Site Scripting (XSS) que podría permitir que un atacante ejecute comandos script en el contexto de la cuenta UEM Management Console afectada manipulando un enlace malicioso y persuadiendo a un usuario con acceso legítimo a la Management Console para que haga clic en el enlace malicioso. • http://support.blackberry.com/kb/articleDetail?articleNumber=000047227 https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000048073 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •