Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-3130

An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt.

Published

2017-01-13T09:59:00.437

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200
CWE-255

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	blackberry	enterprise_service	12.0.0	Yes
Application	blackberry	enterprise_service	12.0.1	Yes
Application	blackberry	enterprise_service	12.1.0	Yes
Application	blackberry	enterprise_service	12.2.0	Yes
Application	blackberry	enterprise_service	12.2.1	Yes
Application	blackberry	enterprise_service	12.3.0	Yes
Application	blackberry	enterprise_service	12.3.1	Yes
Application	blackberry	enterprise_service	12.4.0	Yes
Application	blackberry	enterprise_service	12.4.1	Yes
Application	blackberry	enterprise_service	12.5.0a	Yes
Application	blackberry	enterprise_service	12.5.1	Yes
Application	blackberry	enterprise_service	12.5.2	Yes

References

http://support.blackberry.com/kb/articleDetail?articleNumber=000038914 ([email protected])
http://www.securityfocus.com/bid/95924 ([email protected])
http://www.securitytracker.com/id/1037584 ([email protected])
http://support.blackberry.com/kb/articleDetail?articleNumber=000038914 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/95924 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1037584 (af854a3a-2127-422b-91ae-364da2661108)