CVE-2016-3128

Опубликовано: 13 янв. 2017

Источник: nvd

CVSS3: 8.2

CVSS2: 6.4

EPSS Низкий

Описание

A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES.

Ссылки

http://support.blackberry.com/kb/articleDetail?articleNumber=000038913
Mitigation
Vendor Advisory
http://www.securityfocus.com/bid/95624
http://www.securitytracker.com/id/1037585
http://support.blackberry.com/kb/articleDetail?articleNumber=000038913
Mitigation
Vendor Advisory
http://www.securityfocus.com/bid/95624
http://www.securitytracker.com/id/1037585

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:blackberry:enterprise_service:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:blackberry:enterprise_service:12.0.1:*:*:*:*:*:*:*

cpe:2.3:a:blackberry:enterprise_service:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:blackberry:enterprise_service:12.2.0:*:*:*:*:*:*:*

cpe:2.3:a:blackberry:enterprise_service:12.2.1:*:*:*:*:*:*:*

cpe:2.3:a:blackberry:enterprise_service:12.3.0:*:*:*:*:*:*:*

cpe:2.3:a:blackberry:enterprise_service:12.3.1:*:*:*:*:*:*:*

cpe:2.3:a:blackberry:enterprise_service:12.4.0:*:*:*:*:*:*:*

cpe:2.3:a:blackberry:enterprise_service:12.4.1:*:*:*:*:*:*:*

cpe:2.3:a:blackberry:enterprise_service:12.5.0a:*:*:*:*:*:*:*

cpe:2.3:a:blackberry:enterprise_service:12.5.1:*:*:*:*:*:*:*

cpe:2.3:a:blackberry:enterprise_service:12.5.2:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00253

Низкий

8.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-254

Связанные уязвимости

GHSA-94c7-grvp-xm27