CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2011-0290
https://notcve.org/view.php?id=CVE-2011-0290
21 Oct 2011 — The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors. BlackBerry Collaboration Service en Research In Motion (RIM) BlackBerry Enterprise Server (BES) v5.0.3 a través d... • http://secunia.com/advisories/46370 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2011-0287
https://notcve.org/view.php?id=CVE-2011-0287
14 Jul 2011 — Unspecified vulnerability in the BlackBerry Administration API in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 5.0.1 through 5.0.3, and BlackBerry Enterprise Server Express software 5.0.1 through 5.0.3, allows remote attackers to read text files or cause a denial of service via unknown vectors. Vulnerabilidad no especificada en la API de BlackBerry Administration en Research In Motion (RIM) BlackBerry Enterprise Server (BES) en v5.0.1 hasta v5.0.3, y BlackBerry Enterprise Server Expr... • http://secunia.com/advisories/45242 •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2011-0286
https://notcve.org/view.php?id=CVE-2011-0286
18 Apr 2011 — Cross-site scripting (XSS) vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software before 5.0.2 MR5 and 5.0.3 before MR1, and BlackBerry Enterprise Server Express software 5.0.1 and 5.0.2, allows remote attackers to inject arbitrary web script or HTML via the displayErrorMessage parameter in a ManageDevices action. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en webdesktop/app en... • http://secunia.com/advisories/44183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •