CVE-2017-3894

A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
blackberryCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
blackberryenterprise_service
12.0
blackberryenterprise_service
12.0.1
blackberryenterprise_service
12.1
blackberryenterprise_service
12.1.0
blackberryenterprise_service
12.1.1
blackberryenterprise_service
12.2.0
blackberryenterprise_service
12.2.1
blackberryenterprise_service
12.3.0
blackberryenterprise_service
12.3.1
blackberryenterprise_service
12.4.0
blackberryenterprise_service
12.4.1
blackberryenterprise_service
12.5.0
blackberryenterprise_service
12.5.1
blackberryenterprise_service
12.5.2
blackberryunified_endpoint_manager
𝑥
≤ 12.6.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000044565
http://www.securityfocus.com/bid/98552
http://www.securitytracker.com/id/1038465
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000044565
http://www.securityfocus.com/bid/98552
http://www.securitytracker.com/id/1038465