exploitDog

CVE-2018-8892

Опубликовано: 20 дек. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator.

Ссылки

http://support.blackberry.com/kb/articleDetail?articleNumber=000054162
Mitigation
Vendor Advisory
http://support.blackberry.com/kb/articleDetail?articleNumber=000054162
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:blackberry:unified_endpoint_manager:*:*:*:*:*:*:*:*

Версия до 12.9.1 (исключая)

EPSS

Процентиль: 30%

0.00112

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-xv7p-mvh6-j6cp

CVSS3: 6.5

github

больше 3 лет назад

A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator.

EPSS

Процентиль: 30%

0.00112

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352