CVE-2015-4112

EUVD-2015-4137
The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
blackberryenterprise_server
12.0
blackberryenterprise_server
12.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.blackberry.com/btsc/KB37573
http://www.securitytracker.com/id/1034154
http://www.blackberry.com/btsc/KB37573
http://www.securitytracker.com/id/1034154