CVE-2017-9370
HIGHBlackBerry Workspaces Server - Info Disclosure/Privilege Escalation
Title source: llmDescription
An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain access to another user's workspace by making multiple login requests to the server.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045350
Scores
CVSS v3
8.8
EPSS
0.0086
EPSS Percentile
53.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (6)
BlackBerry/BlackBerry Workspaces Server; WatchDox by BlackBerry Server
Appliance-X versions 1.11.0 to 1.11.1
BlackBerry/BlackBerry Workspaces Server; WatchDox by BlackBerry Server
Appliance-X versions 1.6.0 to 1.10.2
BlackBerry/BlackBerry Workspaces Server; WatchDox by BlackBerry Server
vApp versions 5.1.0 to 5.4.8
BlackBerry/BlackBerry Workspaces Server; WatchDox by BlackBerry Server
vApp versions 5.5.0 to 5.5.8
BlackBerry/BlackBerry Workspaces Server; WatchDox by BlackBerry Server
vApp versions 5.6.0 to 5.6.4
blackberry/workspaces
Published
Aug 09, 2017
Tracked Since
Feb 18, 2026