- Description
- A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator.
- Source
- secure@blackberry.com
- NVD status
- Analyzed
CVSS 3.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-352
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F0AFB64F-41FB-4D16-98BA-40F5F7B95C5E",
"versionEndExcluding": "12.9.1"
}
],
"operator": "OR"
}
]
}
]