CVE-2013-3693

2013-10-1122:55:36

CWE-264

[email protected]

web.nvd.nist.gov

7.9 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.7%

JSON

The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098.

Affected configurations

NVD

Node

blackberryblackberry_enterprise_serviceMatch10.0

blackberryblackberry_enterprise_serviceMatch10.1.0

blackberryblackberry_enterprise_serviceMatch10.1.2

References

btsc.webapps.blackberry.com/btsc/viewdocument.do%3Bjsessionid=1C7CE6911426BCFAF2A80C3834F4DF0F?externalId=KB35139&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl

secunia.com/advisories/55187