CVE-2016-3130

HIGH

BlackBerry Enterprise Server 12-12.5.2 - Credential Exposure via Login Traffic Sniffing


Description

An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt.

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/95924
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037584

Scores

CVSS v3 8.1
EPSS 0.0206
EPSS Percentile 79.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-200 CWE-255
Status published
Products (13)
blackberry/enterprise_service 12.0.0
blackberry/enterprise_service 12.0.1
blackberry/enterprise_service 12.1.0
blackberry/enterprise_service 12.2.0
blackberry/enterprise_service 12.2.1
blackberry/enterprise_service 12.3.0
blackberry/enterprise_service 12.3.1
blackberry/enterprise_service 12.4.0
blackberry/enterprise_service 12.4.1
blackberry/enterprise_service 12.5.0a
... and 3 more
Published Jan 13, 2017
Tracked Since Feb 18, 2026