CVE Vulnerabilities

CVE-2016-3128

Published: Jan 13, 2017 | Modified: Jan 20, 2017
CVSS 3.x
8.2
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES.

Affected Software

Name Vendor Start Version End Version
Enterprise_service Blackberry 12.0.0 (including) 12.0.0 (including)
Enterprise_service Blackberry 12.0.1 (including) 12.0.1 (including)
Enterprise_service Blackberry 12.1.0 (including) 12.1.0 (including)
Enterprise_service Blackberry 12.2.0 (including) 12.2.0 (including)
Enterprise_service Blackberry 12.2.1 (including) 12.2.1 (including)
Enterprise_service Blackberry 12.3.0 (including) 12.3.0 (including)
Enterprise_service Blackberry 12.3.1 (including) 12.3.1 (including)
Enterprise_service Blackberry 12.4.0 (including) 12.4.0 (including)
Enterprise_service Blackberry 12.4.1 (including) 12.4.1 (including)
Enterprise_service Blackberry 12.5.0a (including) 12.5.0a (including)
Enterprise_service Blackberry 12.5.1 (including) 12.5.1 (including)
Enterprise_service Blackberry 12.5.2 (including) 12.5.2 (including)

References