CVE-2016-3128

A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
blackberryCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
blackberryenterprise_service
12.0.0
blackberryenterprise_service
12.0.1
blackberryenterprise_service
12.1.0
blackberryenterprise_service
12.2.0
blackberryenterprise_service
12.2.1
blackberryenterprise_service
12.3.0
blackberryenterprise_service
12.3.1
blackberryenterprise_service
12.4.0
blackberryenterprise_service
12.4.1
blackberryenterprise_service
12.5.0a:a
blackberryenterprise_service
12.5.1
blackberryenterprise_service
12.5.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://support.blackberry.com/kb/articleDetail?articleNumber=000038913
http://www.securityfocus.com/bid/95624
http://www.securitytracker.com/id/1037585
http://support.blackberry.com/kb/articleDetail?articleNumber=000038913
http://www.securityfocus.com/bid/95624
http://www.securitytracker.com/id/1037585