VAR-201612-0175
Vulnerability from variot - Updated: 2025-04-12 23:34A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell. BlackBerryGoodEnterpriseMobilityServer (GEMS) is an enterprise-class mobile server from Canada's BlackBerry. There is a security vulnerability in ApacheKaraf from BlackBerryGEMS version 2.1.5.3 to 2.2.22.25. BlackBerry Good Enterprise Mobility Server is prone to a remote arbitrary command-execution vulnerability because it fails to sanitize user-supplied input
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201612-0175",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "good enterprise mobility server",
"scope": "lte",
"trust": 1.0,
"vendor": "blackberry",
"version": "2.2.22.25"
},
{
"model": "good enterprise mobility server",
"scope": "eq",
"trust": 0.9,
"vendor": "blackberry",
"version": "2.2.22.25"
},
{
"model": "good enterprise mobility server",
"scope": "eq",
"trust": 0.8,
"vendor": "blackberry",
"version": "2.1.5.3 to 2.2.22.25"
},
{
"model": "good enterprise mobility server",
"scope": "gte",
"trust": 0.6,
"vendor": "blackberry",
"version": "2.1.5.3\u003c=2.2.22.25"
},
{
"model": "good enterprise mobility server",
"scope": "eq",
"trust": 0.3,
"vendor": "blackberry",
"version": "2.1.5.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-13021"
},
{
"db": "BID",
"id": "94959"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006473"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-572"
},
{
"db": "NVD",
"id": "CVE-2016-3129"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:blackberry:good_enterprise_mobility_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006473"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "94959"
}
],
"trust": 0.3
},
"cve": "CVE-2016-3129",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CVE-2016-3129",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CNVD-2016-13021",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.7,
"id": "CVE-2016-3129",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-3129",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-3129",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-13021",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-572",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-13021"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006473"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-572"
},
{
"db": "NVD",
"id": "CVE-2016-3129"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell. BlackBerryGoodEnterpriseMobilityServer (GEMS) is an enterprise-class mobile server from Canada\u0027s BlackBerry. There is a security vulnerability in ApacheKaraf from BlackBerryGEMS version 2.1.5.3 to 2.2.22.25. BlackBerry Good Enterprise Mobility Server is prone to a remote arbitrary command-execution vulnerability because it fails to sanitize user-supplied input",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3129"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006473"
},
{
"db": "CNVD",
"id": "CNVD-2016-13021"
},
{
"db": "BID",
"id": "94959"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3129",
"trust": 3.3
},
{
"db": "BID",
"id": "94959",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006473",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-13021",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201612-572",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-13021"
},
{
"db": "BID",
"id": "94959"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006473"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-572"
},
{
"db": "NVD",
"id": "CVE-2016-3129"
}
]
},
"id": "VAR-201612-0175",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-13021"
}
],
"trust": 1.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-13021"
}
]
},
"last_update_date": "2025-04-12T23:34:57.891000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BSRT-2016-008 Remote shell execution vulnerability affects Good Enterprise Mobility Server",
"trust": 0.8,
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038814\u0026language=None"
},
{
"title": "BlackBerryGoodEnterpriseMobilityServer arbitrary command execution vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/86651"
},
{
"title": "BlackBerry Good Enterprise Mobility Server Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66599"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-13021"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006473"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-572"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3129"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://support.blackberry.com/kb/articledetail?articlenumber=000038814\u0026language=none"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/94959"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3129"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3129"
},
{
"trust": 0.6,
"url": "http://support.blackberry.com/kb/articledetail?articlenumber=000038814\u0026amp;amp;language=none"
},
{
"trust": 0.3,
"url": "http://us.blackberry.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-13021"
},
{
"db": "BID",
"id": "94959"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006473"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-572"
},
{
"db": "NVD",
"id": "CVE-2016-3129"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-13021"
},
{
"db": "BID",
"id": "94959"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006473"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-572"
},
{
"db": "NVD",
"id": "CVE-2016-3129"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-13021"
},
{
"date": "2016-12-14T00:00:00",
"db": "BID",
"id": "94959"
},
{
"date": "2017-01-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006473"
},
{
"date": "2016-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-572"
},
{
"date": "2016-12-16T09:59:00.200000",
"db": "NVD",
"id": "CVE-2016-3129"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-13021"
},
{
"date": "2016-12-20T00:12:00",
"db": "BID",
"id": "94959"
},
{
"date": "2017-01-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006473"
},
{
"date": "2016-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-572"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-3129"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-572"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BlackBerry Good Enterprise Mobility Server of Apache Karaf Implemented in command shell GEMS In GEMS Vulnerability to obtain local administrator privileges on the server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006473"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-572"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…