CVE-2018-8889
MEDIUMBlackBerry Enterprise Mobility Server <2.8.17.29 - Path Traversal
Title source: llmDescription
A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context of a BEMS administrator account.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://support.blackberry.com/kb/articleDetail?articleNumber=000051590&language=en_US
Scores
CVSS v3
4.7
EPSS
0.0048
EPSS Percentile
37.8%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (1)
blackberry/enterprise_mobility_server
< 2.8.17.29
Published
Sep 19, 2018
Tracked Since
Feb 18, 2026