CVE-2016-3129

MEDIUM

BlackBerry Good Enterprise Mobility Server <2.2.22.25 - RCE

Title source: llm

Description

A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell.

References (2)

[Vendor Advisory] http://support.blackberry.com/kb/articleDetail?articleNumber=000038814&language=None

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94959

Scores

CVSS v3 6.6

EPSS 0.0193

EPSS Percentile 83.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

Status published

Affected Products (2)

blackberry/good_enterprise_mobility_server < 2.2.22.25

n/a/BlackBerry GEMS versions 2.1.5.3 to 2.2.22.25 < BlackBerry GEMS versions 2.1.5.3 to 2.2.22.25

Timeline

Published Dec 16, 2016

Tracked Since Feb 18, 2026