Description
An information disclosure vulnerability in the Management Console of BlackBerry UEM 12.8.0 and 12.8.1 could allow an attacker to take over a UEM user's session and perform administrative actions in the context of the user.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://support.blackberry.com/kb/articleDetail?articleNumber=000052161&language=en_US
Scores
CVSS v3
7.5
EPSS
0.0109
EPSS Percentile
61.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
blackberry/unified_endpoint_manager
12.8.0
blackberry/unified_endpoint_manager
12.8.1
Published
Oct 12, 2018
Tracked Since
Feb 18, 2026