6.4
CVSSv2

CVE-2016-3128

Published: 13/01/2017 Updated: 20/01/2017
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 8.2 | Impact Score: 4.2 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 up to and including 12.5.2 allows remote malicious users to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES.

Affected Products

Vendor Product Versions
BlackberryEnterprise Service12.0.0, 12.0.1, 12.1.0, 12.2.0, 12.2.1, 12.3.0, 12.3.1, 12.4.0, 12.4.1, 12.5.0a, 12.5.1, 12.5.2