CVE-2017-3894
Published May 10, 2017
Last updated 7 years ago
Overview
- Description
- A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console.
- Source
- secure@blackberry.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:blackberry:enterprise_service:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56D736AE-2679-43E6-A281-F4F5D3A45B32" }, { "criteria": "cpe:2.3:a:blackberry:enterprise_service:12.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6ED84DDD-A736-4990-AF43-B94974B04BAA" }, { "criteria": "cpe:2.3:a:blackberry:enterprise_service:12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03F470B0-5E8E-43EE-9DE8-59EFF2466F90" }, { "criteria": "cpe:2.3:a:blackberry:enterprise_service:12.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29E309B5-5F9E-4D8D-8A0A-49F3EB2B31A7" }, { "criteria": "cpe:2.3:a:blackberry:enterprise_service:12.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD293D26-C7BB-4F89-8B8B-18F96BCDABF5" }, { "criteria": "cpe:2.3:a:blackberry:enterprise_service:12.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0633AD14-B5CC-46EA-88EB-B39B1A32FB15" }, { "criteria": "cpe:2.3:a:blackberry:enterprise_service:12.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6247B841-45B7-4CCE-A189-3EBFC8AB2003" }, { "criteria": "cpe:2.3:a:blackberry:enterprise_service:12.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DE5722D-E406-4EE1-B55A-15B6B36FCFDA" }, { "criteria": "cpe:2.3:a:blackberry:enterprise_service:12.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33F4B47B-A4AB-42E1-BDB6-A027B79CB3B4" }, { "criteria": "cpe:2.3:a:blackberry:enterprise_service:12.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42160112-F133-4377-9CBA-56B71AAF5678" }, { "criteria": "cpe:2.3:a:blackberry:enterprise_service:12.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBE0CC41-33D3-4102-84E8-22E2C70AD604" }, { "criteria": "cpe:2.3:a:blackberry:enterprise_service:12.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65F8998A-C7B7-41A0-8B1B-2C72132D49EB" }, { "criteria": "cpe:2.3:a:blackberry:enterprise_service:12.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0DFB57A-A2BF-4DE5-A25B-91D91159189F" }, { "criteria": "cpe:2.3:a:blackberry:enterprise_service:12.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9576124A-433E-4CBC-944B-9C06D794F937" }, { "criteria": "cpe:2.3:a:blackberry:unified_endpoint_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F99555CB-D274-4236-B47C-E60DD334F872", "versionEndIncluding": "12.6.1" } ], "operator": "OR" } ] } ]