Vulnerabilities > Blackberry

DATE CVE VULNERABILITY TITLE RISK
2017-11-14 CVE-2017-9369 Information Exposure vulnerability in Blackberry QNX Software Development Platform 6.5.0/6.6.0
In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader.
network
low complexity
blackberry CWE-200
4.9
2017-11-14 CVE-2017-3893 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Blackberry QNX Software Development Platform 6.6.0
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks.
network
low complexity
blackberry CWE-119
7.5
2017-11-14 CVE-2017-3892 Information Exposure vulnerability in Blackberry QNX Software Development Platform 6.6.0
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources.
network
low complexity
blackberry CWE-200
7.5
2017-11-14 CVE-2017-3891 Incorrect Authorization vulnerability in Blackberry QNX Software Development Platform 6.6.0
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.
network
high complexity
blackberry CWE-863
8.1
2017-10-16 CVE-2017-9368 Information Exposure vulnerability in Blackberry Workspaces Appliance-X and Workspaces Vapp
An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files.
network
low complexity
blackberry CWE-200
7.5
2017-10-16 CVE-2017-9367 Path Traversal vulnerability in Blackberry Workspaces Appliance-X and Workspaces Vapp
A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request.
network
low complexity
blackberry CWE-22
critical
9.8
2017-08-09 CVE-2017-9370 Improper Authentication vulnerability in Blackberry Workspaces
An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain access to another user's workspace by making multiple login requests to the server.
network
low complexity
blackberry CWE-287
8.8
2017-05-10 CVE-2017-3894 Cross-site Scripting vulnerability in Blackberry Enterprise Service and Unified Endpoint Manager
A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console.
network
low complexity
blackberry CWE-79
6.1
2017-04-13 CVE-2016-1915 Cross-site Scripting vulnerability in Blackberry Enterprise Service
Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp.
network
low complexity
blackberry CWE-79
6.1
2017-04-13 CVE-2016-1914 SQL Injection vulnerability in Blackberry Enterprise Service
Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image.
network
low complexity
blackberry CWE-89
8.8