Back to search
CVE-2016-1914
Published: Apr 13, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1035095
vdb-entry
x_refsource_SECTRACK
39481
exploit
x_refsource_EXPLOIT-DB
http://support.blackberry.com/kb/articleDetail?articleNumber=000038033
x_refsource_CONFIRM
20160222 BlackBerry Enterprise Service 12 Self-Service - SQLi and Reflected XSS
mailing-list
x_refsource_FULLDISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now