CVE-2016-1915

Multiple cross-site scripting XSS vulnerabilities in BlackBerry Enterprise Server 12 BES12 Self-Service before 12.4 allow remote attackers to inject arbitrary web script or HTML via the locale parameter to 1 mydevice/index.jsp or 2 mydevice/loggedOut.jsp...

Sql injection

Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 BES12 Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to 1 mydevice/client/image, 2 admin/client/image, 3...