CVE-2016-3130

An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
blackberryCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
blackberryenterprise_service
12.0.0
blackberryenterprise_service
12.0.1
blackberryenterprise_service
12.1.0
blackberryenterprise_service
12.2.0
blackberryenterprise_service
12.2.1
blackberryenterprise_service
12.3.0
blackberryenterprise_service
12.3.1
blackberryenterprise_service
12.4.0
blackberryenterprise_service
12.4.1
blackberryenterprise_service
12.5.0a:a
blackberryenterprise_service
12.5.1
blackberryenterprise_service
12.5.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://support.blackberry.com/kb/articleDetail?articleNumber=000038914
http://www.securityfocus.com/bid/95924
http://www.securitytracker.com/id/1037584
http://support.blackberry.com/kb/articleDetail?articleNumber=000038914
http://www.securityfocus.com/bid/95924
http://www.securitytracker.com/id/1037584