Vulnerabilities > CVE-2016-3128 - 7PK - Security Features vulnerability in Blackberry Enterprise Service

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

blackberry

CWE-254

NVD

Published: 2017-01-13

Updated: 2017-01-20

Summary

A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES.

Vulnerable Configurations

Part	Description	Count
Application	Blackberry Blackberry Enterprise Service 12.0.0 Blackberry Enterprise Service 12.0.1 Blackberry Enterprise Service 12.1.0 Blackberry Enterprise Service 12.2.0 Blackberry Enterprise Service 12.2.1 Blackberry Enterprise Service 12.3.0 Blackberry Enterprise Service 12.3.1 Blackberry Enterprise Service 12.4.0 Blackberry Enterprise Service 12.4.1 Blackberry Enterprise Service 12.5.0A Blackberry Enterprise Service 12.5.1 Blackberry Enterprise Service 12.5.2	12

Common Weakness Enumeration (CWE)

CWE-254 - 7PK - Security Features

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References