CVE-2017-9370
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.2%
An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain access to another user’s workspace by making multiple login requests to the server.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| blackberry:workspaces | blackberry workspaces | eq | - |
CNA Affected
[
{
"product": "BlackBerry Workspaces Server; WatchDox by BlackBerry Server",
"vendor": "BlackBerry",
"versions": [
{
"status": "affected",
"version": "Appliance-X versions 1.11.0 to 1.11.1"
},
{
"status": "affected",
"version": "Appliance-X versions 1.6.0 to 1.10.2"
},
{
"status": "affected",
"version": "vApp versions 5.6.0 to 5.6.4"
},
{
"status": "affected",
"version": "vApp versions 5.5.0 to 5.5.8"
},
{
"status": "affected",
"version": "vApp versions 5.1.0 to 5.4.8"
}
]
}
]Related
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.2%