Описание
The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:blackberry:blackberry_enterprise_service:10.0:*:*:*:*:*:*:*
cpe:2.3:a:blackberry:blackberry_enterprise_service:10.1.0:*:*:*:*:*:*:*
cpe:2.3:a:blackberry:blackberry_enterprise_service:10.1.2:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00268
Низкий
7.9 High
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098.
EPSS
Процентиль: 50%
0.00268
Низкий
7.9 High
CVSS2
Дефекты
CWE-264