Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for unified_endpoint_manager by blackberry

    CVE-2020-6933 (GCVE-0-2020-6933)

    Vulnerability from nvd – Published: 2020-10-14 13:31 – Updated: 2024-08-04 09:18
    VLAI
    Summary
    An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service.
    Severity
    No CVSS data available.
    CWE
    • Improper input validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a BlackBerry UEM Affected: BlackBerry UEM version 12.13.0 BlackBerry UEM version 12.12.1a QF2 and earlier BlackBerry UEM version 12.11.1 QF3 and earlier
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:18:02.593Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000068112"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BlackBerry UEM",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "BlackBerry UEM version 12.13.0 BlackBerry UEM version 12.12.1a QF2 and earlier BlackBerry UEM version 12.11.1 QF3 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper input validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-14T13:31:17.000Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000068112"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "ID": "CVE-2020-6933",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BlackBerry UEM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "BlackBerry UEM version 12.13.0 BlackBerry UEM version 12.12.1a QF2 and earlier BlackBerry UEM version 12.11.1 QF3 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper input validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.blackberry.com/kb/articleDetail?articleNumber=000068112",
                  "refsource": "MISC",
                  "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000068112"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2020-6933",
        "datePublished": "2020-10-14T13:31:17.000Z",
        "dateReserved": "2020-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:18:02.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8892 (GCVE-0-2018-8892)

    Vulnerability from nvd – Published: 2018-12-20 20:00 – Updated: 2024-08-05 07:10
    VLAI
    Summary
    A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Request Forgery
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry BlackBerry UEM Affected: 12.9.0 and earlier
    Create a notification for this product.
    Date Public
    2018-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:10:46.755Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BlackBerry UEM",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.9.0 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Request Forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-20T19:57:01.000Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "ID": "CVE-2018-8892",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BlackBerry UEM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.9.0 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Request Forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2018-8892",
        "datePublished": "2018-12-20T20:00:00.000Z",
        "dateReserved": "2018-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:10:46.755Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8891 (GCVE-0-2018-8891)

    Vulnerability from nvd – Published: 2018-12-20 20:00 – Updated: 2024-08-05 07:10
    VLAI
    Summary
    Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
    Severity
    No CVSS data available.
    CWE
    • Stored Cross-Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry BlackBerry UEM Affected: 12.9.0 and earlier
    Create a notification for this product.
    Date Public
    2018-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:10:46.960Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BlackBerry UEM",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.9.0 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stored Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-20T19:57:01.000Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "ID": "CVE-2018-8891",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BlackBerry UEM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.9.0 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stored Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2018-8891",
        "datePublished": "2018-12-20T20:00:00.000Z",
        "dateReserved": "2018-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:10:46.960Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8888 (GCVE-0-2018-8888)

    Vulnerability from nvd – Published: 2018-12-20 20:00 – Updated: 2024-08-05 07:10
    VLAI
    Summary
    A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
    Severity
    No CVSS data available.
    CWE
    • Stored Cross-Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry BlackBerry UEM Affected: 12.9.1 and earlier
    Create a notification for this product.
    Date Public
    2018-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:10:46.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BlackBerry UEM",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.9.1 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stored Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-20T19:57:01.000Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "ID": "CVE-2018-8888",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BlackBerry UEM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.9.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stored Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2018-8888",
        "datePublished": "2018-12-20T20:00:00.000Z",
        "dateReserved": "2018-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:10:46.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8890 (GCVE-0-2018-8890)

    Vulnerability from nvd – Published: 2018-10-12 13:00 – Updated: 2024-09-16 16:14
    VLAI
    Summary
    An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user.
    Severity
    No CVSS data available.
    CWE
    • Information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry UEM Affected: 12.8.0 and 12.8.1
    Create a notification for this product.
    Date Public
    2018-10-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:10:46.910Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000052161\u0026language=en_US"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UEM",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.8.0 and 12.8.1"
                }
              ]
            }
          ],
          "datePublic": "2018-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user\u0027s session and perform administrative actions in the context of the user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T12:57:01.000Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000052161\u0026language=en_US"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "DATE_PUBLIC": "2018-10-09T00:00:00",
              "ID": "CVE-2018-8890",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "UEM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.8.0 and 12.8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user\u0027s session and perform administrative actions in the context of the user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000052161\u0026language=en_US",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000052161\u0026language=en_US"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2018-8890",
        "datePublished": "2018-10-12T13:00:00.000Z",
        "dateReserved": "2018-03-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:14:12.982Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-17442 (GCVE-0-2017-17442)

    Vulnerability from nvd – Published: 2018-03-13 18:00 – Updated: 2024-09-17 03:07
    VLAI
    Summary
    In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link.
    Severity
    No CVSS data available.
    CWE
    • Reflected cross-site scripting vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry UEM Management Console Affected: 12.7.1 and earlier
    Create a notification for this product.
    Date Public
    2018-03-13 04:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:51:31.411Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UEM Management Console",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.7.1 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-03-13T04:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIn BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link.\u003c/p\u003e"
                }
              ],
              "value": "In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflected cross-site scripting vulnerability",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-07T18:53:42.307Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "DATE_PUBLIC": "2018-03-13T00:00:00",
              "ID": "CVE-2017-17442",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "UEM Management Console",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.7.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflected cross-site scripting vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2017-17442",
        "datePublished": "2018-03-13T18:00:00.000Z",
        "dateReserved": "2017-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:07:25.995Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3894 (GCVE-0-2017-3894)

    Vulnerability from nvd – Published: 2017-05-10 16:00 – Updated: 2024-08-05 14:39
    VLAI
    Summary
    A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console.
    Severity
    No CVSS data available.
    CWE
    • XSS
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/98552 vdb-entryx_refsource_BID
    http://support.blackberry.com/kb/articleDetail?la… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038465 vdb-entryx_refsource_SECTRACK
    Impacted products
    Date Public
    2017-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.190Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "98552",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98552"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000044565"
              },
              {
                "name": "1038465",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038465"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Unified Endpoint Manager",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 12.6.2"
                }
              ]
            },
            {
              "product": "BES12",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "datePublic": "2017-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "name": "98552",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98552"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000044565"
            },
            {
              "name": "1038465",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038465"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "ID": "CVE-2017-3894",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Unified Endpoint Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 12.6.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BES12",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "98552",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98552"
                },
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000044565",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000044565"
                },
                {
                  "name": "1038465",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038465"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2017-3894",
        "datePublished": "2017-05-10T16:00:00.000Z",
        "dateReserved": "2016-12-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6933 (GCVE-0-2020-6933)

    Vulnerability from cvelistv5 – Published: 2020-10-14 13:31 – Updated: 2024-08-04 09:18
    VLAI
    Summary
    An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service.
    Severity
    No CVSS data available.
    CWE
    • Improper input validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a BlackBerry UEM Affected: BlackBerry UEM version 12.13.0 BlackBerry UEM version 12.12.1a QF2 and earlier BlackBerry UEM version 12.11.1 QF3 and earlier
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:18:02.593Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000068112"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BlackBerry UEM",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "BlackBerry UEM version 12.13.0 BlackBerry UEM version 12.12.1a QF2 and earlier BlackBerry UEM version 12.11.1 QF3 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper input validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-14T13:31:17.000Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000068112"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "ID": "CVE-2020-6933",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BlackBerry UEM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "BlackBerry UEM version 12.13.0 BlackBerry UEM version 12.12.1a QF2 and earlier BlackBerry UEM version 12.11.1 QF3 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper input validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.blackberry.com/kb/articleDetail?articleNumber=000068112",
                  "refsource": "MISC",
                  "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000068112"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2020-6933",
        "datePublished": "2020-10-14T13:31:17.000Z",
        "dateReserved": "2020-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:18:02.593Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8888 (GCVE-0-2018-8888)

    Vulnerability from cvelistv5 – Published: 2018-12-20 20:00 – Updated: 2024-08-05 07:10
    VLAI
    Summary
    A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
    Severity
    No CVSS data available.
    CWE
    • Stored Cross-Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry BlackBerry UEM Affected: 12.9.1 and earlier
    Create a notification for this product.
    Date Public
    2018-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:10:46.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BlackBerry UEM",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.9.1 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stored Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-20T19:57:01.000Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "ID": "CVE-2018-8888",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BlackBerry UEM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.9.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stored Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2018-8888",
        "datePublished": "2018-12-20T20:00:00.000Z",
        "dateReserved": "2018-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:10:46.639Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8892 (GCVE-0-2018-8892)

    Vulnerability from cvelistv5 – Published: 2018-12-20 20:00 – Updated: 2024-08-05 07:10
    VLAI
    Summary
    A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator.
    Severity
    No CVSS data available.
    CWE
    • Cross-Site Request Forgery
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry BlackBerry UEM Affected: 12.9.0 and earlier
    Create a notification for this product.
    Date Public
    2018-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:10:46.755Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BlackBerry UEM",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.9.0 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-Site Request Forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-20T19:57:01.000Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "ID": "CVE-2018-8892",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BlackBerry UEM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.9.0 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-Site Request Forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2018-8892",
        "datePublished": "2018-12-20T20:00:00.000Z",
        "dateReserved": "2018-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:10:46.755Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8891 (GCVE-0-2018-8891)

    Vulnerability from cvelistv5 – Published: 2018-12-20 20:00 – Updated: 2024-08-05 07:10
    VLAI
    Summary
    Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
    Severity
    No CVSS data available.
    CWE
    • Stored Cross-Site Scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry BlackBerry UEM Affected: 12.9.0 and earlier
    Create a notification for this product.
    Date Public
    2018-12-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:10:46.960Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "BlackBerry UEM",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.9.0 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-12-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Stored Cross-Site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-20T19:57:01.000Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "ID": "CVE-2018-8891",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BlackBerry UEM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.9.0 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stored Cross-Site Scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2018-8891",
        "datePublished": "2018-12-20T20:00:00.000Z",
        "dateReserved": "2018-03-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:10:46.960Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8890 (GCVE-0-2018-8890)

    Vulnerability from cvelistv5 – Published: 2018-10-12 13:00 – Updated: 2024-09-16 16:14
    VLAI
    Summary
    An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user.
    Severity
    No CVSS data available.
    CWE
    • Information disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry UEM Affected: 12.8.0 and 12.8.1
    Create a notification for this product.
    Date Public
    2018-10-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:10:46.910Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000052161\u0026language=en_US"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "UEM",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.8.0 and 12.8.1"
                }
              ]
            }
          ],
          "datePublic": "2018-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user\u0027s session and perform administrative actions in the context of the user."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T12:57:01.000Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000052161\u0026language=en_US"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "DATE_PUBLIC": "2018-10-09T00:00:00",
              "ID": "CVE-2018-8890",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "UEM",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.8.0 and 12.8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user\u0027s session and perform administrative actions in the context of the user."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000052161\u0026language=en_US",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000052161\u0026language=en_US"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2018-8890",
        "datePublished": "2018-10-12T13:00:00.000Z",
        "dateReserved": "2018-03-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:14:12.982Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-17442 (GCVE-0-2017-17442)

    Vulnerability from cvelistv5 – Published: 2018-03-13 18:00 – Updated: 2024-09-17 03:07
    VLAI
    Summary
    In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link.
    Severity
    No CVSS data available.
    CWE
    • Reflected cross-site scripting vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry UEM Management Console Affected: 12.7.1 and earlier
    Create a notification for this product.
    Date Public
    2018-03-13 04:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T20:51:31.411Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "UEM Management Console",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.7.1 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2018-03-13T04:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIn BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link.\u003c/p\u003e"
                }
              ],
              "value": "In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Reflected cross-site scripting vulnerability",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-07T18:53:42.307Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "DATE_PUBLIC": "2018-03-13T00:00:00",
              "ID": "CVE-2017-17442",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "UEM Management Console",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "12.7.1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Reflected cross-site scripting vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2017-17442",
        "datePublished": "2018-03-13T18:00:00.000Z",
        "dateReserved": "2017-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:07:25.995Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3894 (GCVE-0-2017-3894)

    Vulnerability from cvelistv5 – Published: 2017-05-10 16:00 – Updated: 2024-08-05 14:39
    VLAI
    Summary
    A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console.
    Severity
    No CVSS data available.
    CWE
    • XSS
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/98552 vdb-entryx_refsource_BID
    http://support.blackberry.com/kb/articleDetail?la… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038465 vdb-entryx_refsource_SECTRACK
    Impacted products
    Date Public
    2017-05-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.190Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "98552",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98552"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000044565"
              },
              {
                "name": "1038465",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038465"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Unified Endpoint Manager",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 12.6.2"
                }
              ]
            },
            {
              "product": "BES12",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "all versions"
                }
              ]
            }
          ],
          "datePublic": "2017-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "XSS",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-07T09:57:01.000Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "name": "98552",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98552"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000044565"
            },
            {
              "name": "1038465",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038465"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "ID": "CVE-2017-3894",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Unified Endpoint Manager",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 12.6.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "BES12",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "all versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "XSS"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "98552",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98552"
                },
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000044565",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000044565"
                },
                {
                  "name": "1038465",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038465"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2017-3894",
        "datePublished": "2017-05-10T16:00:00.000Z",
        "dateReserved": "2016-12-21T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:39:41.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }