The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 up to and including 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote malicious users to upload and execute arbitrary packages via a request to port 1098.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
blackberry blackberry enterprise service 10.1.0 |
||
blackberry blackberry enterprise service 10.1.2 |
||
blackberry blackberry enterprise service 10.0 |