CVE-2017-9367

CRITICAL

BlackBerry Workspaces Server - Path Traversal

Title source: llm
STIX 2.1

Description

A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request.

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0162
EPSS Percentile 73.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (19)
BlackBerry/Workspaces Server BlackBerry Workspaces Server components Appliance-X 1.11.0 to 1.11.2, vApp versions 5.6.0 to 5.6.6
blackberry/workspaces_appliance-x < 1.11.2
blackberry/workspaces_vapp 5.5.0
blackberry/workspaces_vapp 5.5.1
blackberry/workspaces_vapp 5.5.2
blackberry/workspaces_vapp 5.5.3
blackberry/workspaces_vapp 5.5.4
blackberry/workspaces_vapp 5.5.5
blackberry/workspaces_vapp 5.5.6
blackberry/workspaces_vapp 5.5.7
... and 9 more
Published Oct 16, 2017
Tracked Since Feb 18, 2026