Vulnerabilities > CVE-2016-3129 - Arbitrary Command Execution vulnerability in BlackBerry Good Enterprise Mobility Server

CVSS 8.5 - HIGH

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

blackberry

NVD

Published: 2016-12-16

Updated: 2016-12-22

Summary

A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell.

Vulnerable Configurations

Part	Description	Count
OS	Blackberry Blackberry Good Enterprise Mobility Server *	1

References

http://support.blackberry.com/kb/articleDetail?articleNumber=000038814&language=None
http://www.securityfocus.com/bid/94959