Lucene search

MitreCVE-2011-0286

HistoryApr 18, 2011 - 6:55 p.m.

CVE-2011-0286

2011-04-1818:55:00

CWE-79

mitre

web.nvd.nist.gov

cve-2011-0286

cross-site scripting

xss

blackberry web desktop manager

bes

blackberry enterprise server

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

73.3%

JSON

Cross-site scripting (XSS) vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software before 5.0.2 MR5 and 5.0.3 before MR1, and BlackBerry Enterprise Server Express software 5.0.1 and 5.0.2, allows remote attackers to inject arbitrary web script or HTML via the displayErrorMessage parameter in a ManageDevices action.

Affected configurations

Nvd

Node

rimblackberry_enterprise_serverMatch5.0.0

rimblackberry_enterprise_serverMatch5.0.1

rimblackberry_enterprise_serverMatch5.0.2

rimblackberry_enterprise_serverMatch5.0.3

rimblackberry_enterprise_server_expressMatch5.0.1

rimblackberry_enterprise_server_expressMatch5.0.2

VendorProductVersionCPE
rimblackberry_enterprise_server5.0.0cpe:2.3:a:rim:blackberry_enterprise_server:5.0.0:*:*:*:*:*:*:*
rimblackberry_enterprise_server5.0.1cpe:2.3:a:rim:blackberry_enterprise_server:5.0.1:*:*:*:*:*:*:*
rimblackberry_enterprise_server5.0.2cpe:2.3:a:rim:blackberry_enterprise_server:5.0.2:*:*:*:*:*:*:*
rimblackberry_enterprise_server5.0.3cpe:2.3:a:rim:blackberry_enterprise_server:5.0.3:*:*:*:*:*:*:*
rimblackberry_enterprise_server_express5.0.1cpe:2.3:a:rim:blackberry_enterprise_server_express:5.0.1:*:*:*:*:*:*:*
rimblackberry_enterprise_server_express5.0.2cpe:2.3:a:rim:blackberry_enterprise_server_express:5.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rim	blackberry_enterprise_server	5.0.0	cpe:2.3:a:rim:blackberry_enterprise_server:5.0.0:::::::*
rim	blackberry_enterprise_server	5.0.1	cpe:2.3:a:rim:blackberry_enterprise_server:5.0.1:::::::*
rim	blackberry_enterprise_server	5.0.2	cpe:2.3:a:rim:blackberry_enterprise_server:5.0.2:::::::*
rim	blackberry_enterprise_server	5.0.3	cpe:2.3:a:rim:blackberry_enterprise_server:5.0.3:::::::*
rim	blackberry_enterprise_server_express	5.0.1	cpe:2.3:a:rim:blackberry_enterprise_server_express:5.0.1:::::::*
rim	blackberry_enterprise_server_express	5.0.2	cpe:2.3:a:rim:blackberry_enterprise_server_express:5.0.2:::::::*

References

secunia.com/advisories/44183

securitytracker.com/id?1025356

www.blackberry.com/btsc/KB26296

www.cybsec.com/vuln/CYBSEC_Advisory_2011_0401_Cross_Site_Scripting_XSS_in_Blackberry_WebDesktop.pdf

www.securityfocus.com/bid/47324

www.vupen.com/english/advisories/2011/0971

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.004

Percentile

73.3%

JSON

Related for CVE-2011-0286