Published: 13/04/2017 Updated: 10/09/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Subscribe to Blackberry Enterprise Service

Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service prior to 12.4 allow remote malicious users to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image.

Vulnerable Product	Search on Vulmon	Subscribe to Product
blackberry blackberry enterprise service

( , ) (, '' ) (' ', ) , (' ( ) ( (_,) '), ) _ _, / _____/ / _ \ ____ ____ _____ \____ \==/ /_\ \ _/ ___\/ _ \ / \ / \/ | \\ \__( <_> ) Y Y \ /______ /\___|__ / \___ >____/|__|_| / \/ \/- \/ \/:wq (x0) '=|w| ...

BlackBerry Enterprise Service 12 (BES12) Self-Service suffers from cross site scripting and remote SQL injection vulnerabilities ...

CWE-89 http://support.blackberry.com/kb/articleDetail?articleNumber=000038033 http://security-assessment.com/files/documents/advisory/Blackberry%20BES12%20Self-Service%20Multiple%20Vulnerabilities.pdf http://seclists.org/fulldisclosure/2016/Feb/95 http://www.securitytracker.com/id/1035095 https://www.exploit-db.com/exploits/39481/https://nvd.nist.gov https://www.exploit-db.com/exploits/39481/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-1914

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect