Computer Security Incident Response Team of Mauritius

Vulnerability in BlackBerry Enterprise Server

Severity Rating: High

System Affected:

Version(s): 12.5.2 and prior

A vulnerability has been identified in BlackBerry Enterprise Server which allow a remote user to obtain login credentials and access sensitive information.

The vulnerability exists because of insufficient security protections between the BlackBerry Enterprise Service (BES) Core and the BES12 Management Console.

Moreover, an exploit could be leveraged to conduct further attacks.

Source:

Solution

Users are advised to apply updates.

More information is available on:

Blackberry

http://support.blackberry.com/kb/articleDetail?articleNumber=000038914

Vendor Information

Blackberry

http://global.blackberry.com/en/home.html

CVE Information

CVE-2016-3130

References

Security Tracker

http://securitytracker.com/id/1037584

Cisco

https://tools.cisco.com/security/center/viewAlert.x?alertId=52314

Contact Information

E-mail: contact@cert.ncb.mu

Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis

Top Link Bar

VN-2017-9

Subscribe to newsletter