CVE-2016-3130
HIGHBlackBerry Enterprise Server 12-12.5.2 - Credential Exposure via Login Traffic Sniffing
Title source: llmDescription
An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt.
References (3)
Core 3
Core References
Various Sources x_refsource_confirm
http://support.blackberry.com/kb/articleDetail?articleNumber=000038914
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95924
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1037584
Scores
CVSS v3
8.1
EPSS
0.0206
EPSS Percentile
79.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-200
CWE-255
Status
published
Products (13)
blackberry/enterprise_service
12.0.0
blackberry/enterprise_service
12.0.1
blackberry/enterprise_service
12.1.0
blackberry/enterprise_service
12.2.0
blackberry/enterprise_service
12.2.1
blackberry/enterprise_service
12.3.0
blackberry/enterprise_service
12.3.1
blackberry/enterprise_service
12.4.0
blackberry/enterprise_service
12.4.1
blackberry/enterprise_service
12.5.0a
... and 3 more
Published
Jan 13, 2017
Tracked Since
Feb 18, 2026