QwikSec

Security Database

CVE

CWE

Training

CVE-2017-3894

Published: May 10, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console.

Vendor	Product	Versions
BlackBerry	Unified Endpoint Manager	affected `before 12.6.2`
BlackBerry	BES12	affected `all versions`

References

vdb-entry

x_refsource_BID

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000044565

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.