CVSS: 8.8EPSS: 0%CPEs: 46EXPL: 0CVE-2020-9523
https://notcve.org/view.php?id=CVE-2020-9523
17 Apr 2020 — Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security. Una vulnerabilidad de credenciales insuficientemente protegidas en el desarrollador empresarial y el servidor empres... • https://softwaresupport.softwaregrp.com/doc/KM03634936 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 68EXPL: 0CVE-2019-11651
https://notcve.org/view.php?id=CVE-2019-11651
02 Oct 2019 — Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests. Una vulnerabilidad de tipo XSS Reflejado en Micro Focus Enterprise Developer y Enterprise Server, todas las versiones anteriores a la versión 3.0 Patch Update 20, versión 4.0 Patch Update 12 y versión 5.0 Patch ... • https://softwaresupport.softwaregrp.com/doc/KM03532232 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1917
https://notcve.org/view.php?id=CVE-2016-1917
22 Apr 2016 — Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1918. Vulnerabilidad de XSS en la Management Console en BlackBerry Enterprise Server (BES) 12 en versiones anteriores a 12.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, una vulnerabilidad diferen... • http://www.blackberry.com/btsc/KB38118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1918
https://notcve.org/view.php?id=CVE-2016-1918
22 Apr 2016 — Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917. Vulnerabilidad de XSS en la Management Console en BlackBerry Enterprise Server (BES) 12 en versiones anteriores a 12.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada, una vulnerabilidad diferen... • http://www.blackberry.com/btsc/KB38118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1916
https://notcve.org/view.php?id=CVE-2016-1916
22 Apr 2016 — Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen. Vulnerabilidad de XSS en la Management Console en BlackBerry Enterprise Server (BES) 12 en versiones anteriores a 12.4.1 permite a usuarios autenticados remotos inyectar secuencias de co... • http://www.blackberry.com/btsc/KB38117 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3126
https://notcve.org/view.php?id=CVE-2016-3126
22 Apr 2016 — Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la Management Console en BlackBerry Enterprise Server (BES) 12 en versiones anteriores a 12.4.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www.blackberry.com/btsc/KB38119 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-1469
https://notcve.org/view.php?id=CVE-2014-1469
18 Aug 2014 — BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive information by reading the exception log file. BlackBerry Enterprise Server 5.x anterior a 5.0.4 MR7 y Enterprise Service 10.x anterior a 10.2.2 registran las credenciales en texto plano durante el manejo de excepciones, lo que permite a usuarios locales obtener información sensible mediante la lectura del fichero del re... • http://secunia.com/advisories/60154 • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0CVE-2014-1467
https://notcve.org/view.php?id=CVE-2014-1467
14 Feb 2014 — BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file. BlackBerry Enterprise Se... • http://www.blackberry.com/btsc/KB35647 • CWE-255: Credentials Management Errors •
CVSS: 9.3EPSS: 24%CPEs: 14EXPL: 0CVE-2008-3246
https://notcve.org/view.php?id=CVE-2008-3246
21 Jul 2008 — Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment. Vulnerabilidad sin especificar en el componente PDF distiller en el BlackBerry Attachment Service en BlackBerry Unite! 1.0 SP1 (1.0.1) anterior a bundle 36 y BlackBerry Enterprise Server 4.1 S... • http://secunia.com/advisories/31092 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 3%CPEs: 93EXPL: 0CVE-2004-0826
https://notcve.org/view.php?id=CVE-2004-0826
02 Sep 2004 — Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message. • http://marc.info/?l=bugtraq&m=109351293827731&w=2 •