- Description
- A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell.
- Source
- secure@blackberry.com
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 6.6
- Impact score
- 5.9
- Exploitability score
- 0.7
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 8.5
- Impact score
- 10
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:C/I:C/A:C
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:blackberry:good_enterprise_mobility_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "396E10E8-4D3F-461A-848D-6B7556F56C31",
"versionEndIncluding": "2.2.22.25"
}
],
"operator": "OR"
}
]
}
]