CVE-2017-3894

A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then...

CVE-2017-3894

The CVE-2017-3894 issue is a stored cross-site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager (UEM) 12.6.1 and earlier, and all BES12 versions. The vulnerability arises from accepting or processing a malicious script uploaded to the Management Console and...

CVE-2016-1915

Multiple cross-site scripting XSS vulnerabilities in BlackBerry Enterprise Server 12 BES12 Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to 1 mydevice/index.jsp or 2 mydevice/loggedOut.jsp...

Sql injection

Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 BES12 Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to 1 mydevice/client/image, 2 admin/client/image, 3...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in BlackBerry Enterprise Server 12 BES12 Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to 1 mydevice/index.jsp or 2 mydevice/loggedOut.jsp...

CVE-2016-1915

The CVE-2016-1915 entry describes XSS vulnerabilities in BlackBerry BES12 Self-Service prior to 12.4. Affected component: the self-service web app; vulnerable via the locale parameter in mydevice/index.jsp and mydevice/loggedOut.jsp. Impact: remote injection of script/HTML. Root cause: cross-site...

CVE-2016-1914

Summary (CVE-2016-1914) Multiple SQL injection vulnerabilities exist in the BlackBerry Enterprise Service 12 (BES12) Self-Service web app, specifically the com.rim.mdm.ui.server.ImageServlet. The flaw allows remote attackers to inject SQL via the imageName parameter in endpoints including mydevic...

CVE-2016-1915

Multiple cross-site scripting XSS vulnerabilities in BlackBerry Enterprise Server 12 BES12 Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to 1 mydevice/index.jsp or 2 mydevice/loggedOut.jsp...

CVE-2016-1914

Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 BES12 Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to 1 mydevice/client/image, 2 admin/client/image, 3...

BlackBerry Enterprise Service < 12.4 (BES12) Self-Service - Multiple Vulnerabilities

, , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. BlackBerry Enterprise Service 12 BES12 Self-Service Affected versions: BES12 12.4 CVE: CVE-2016-1914 and CVE-2016-1915 PDF:...

BlackBerry Enterprise Service 12.4 (BES12) Self-Service - Multiple Vulnerabilities

BlackBerry Enterprise Service 12.4 BES12 Self-Service - Multiple Vulnerabilities , , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. BlackBerry Enterprise Service 12 BES12 Self-Service Affected...

BlackBerry Enterprise Service < 12.4 (BES12) Self-Service - Multiple Vulnerabilities

Exploit for java platform in category web applications BlackBerry Enterprise Service 12 BES12 Self-Service Affected versions: BES12 12.4 CVE: CVE-2016-1914 and CVE-2016-1915 PDF:...

BlackBerry Enterprise Service 12 (BES12) Self-Service XSS / SQL Injection

, , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. BlackBerry Enterprise Service 12 BES12 Self-Service Affected versions: BES12 12.4 CVE: CVE-2016-1914 and CVE-2016-1915 PDF:...

BlackBerry Warns Many Products Vulnerable to FREAK Attack

BlackBerry is warning customers that a large portion of the company’s product portfolio is vulnerable to the FREAK SSL attack. Many versions of the BlackBerry OS and BlackBerry Enterprise Server are vulnerable to FREAK, as are a number of versions of BlackBerry Messenger. The advisory from...