CVE-2016-3127

HIGH

BlackBerry Good Control Server < 2.3.53.62 - Unauthorized Sensitive Information Exposure via Diagnostic Log Files

Title source: llm
STIX 2.1

Description

An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96629

Scores

CVSS v3 7.5
EPSS 0.0138
EPSS Percentile 68.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
blackberry/good_control_server < 2.2.511.26
n/a/BlackBerry Good Control Server versions earlier than 2.3.53.62 BlackBerry Good Control Server versions earlier than 2.3.53.62
Published Mar 03, 2017
Tracked Since Feb 18, 2026