Vulnerabilities > Blackberry > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-12-20 | CVE-2018-8892 | Cross-Site Request Forgery (CSRF) vulnerability in BlackBerry Unified Endpoint Manager | A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator. | 6.5 |
2018-12-20 | CVE-2018-8891 | Cross-site Scripting vulnerability in BlackBerry Unified Endpoint Manager | Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator. | 4.8 |
2018-12-20 | CVE-2018-8888 | Cross-site Scripting vulnerability in BlackBerry Unified Endpoint Manager | A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator. | 4.8 |
2018-09-19 | CVE-2018-8889 | Path Traversal vulnerability in BlackBerry Enterprise Mobility Server 2.6/2.8/2.8.17.29 | A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account. | 4.7 |
2018-03-13 | CVE-2017-17442 | Cross-site Scripting vulnerability in BlackBerry Unified Endpoint Manager | In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link. | 6.1 |
2017-11-14 | CVE-2017-9371 | Insufficient Entropy in PRNG vulnerability in BlackBerry QNX Software Development Platform 6.5.0/6.6.0 | In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker to reduce the entropy of the PRNG, making other blended attacks more practical, by gaining control over environmental factors that influence seed generation. | 5.9 |
2017-11-14 | CVE-2017-9369 | Information Exposure vulnerability in BlackBerry QNX Software Development Platform 6.5.0/6.6.0 | In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader. | 4.9 |
2017-05-10 | CVE-2017-3894 | Cross-site Scripting vulnerability in BlackBerry Enterprise Service and Unified Endpoint Manager | A stored cross-site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console. | 6.1 |
2017-04-13 | CVE-2016-1915 | Cross-site Scripting vulnerability in BlackBerry Enterprise Service | Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to (1) mydevice/index.jsp or (2) mydevice/loggedOut.jsp. | 6.1 |
2017-01-13 | CVE-2017-3890 | Cross-site Scripting vulnerability in BlackBerry Appliance-X and Workspaces Vapp | A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link. | 6.1 |