CVE-2018-8892
MEDIUMBlackBerry Unified Endpoint Manager < 12.9.1 - Cross-Site Request Forgery in Management Console
Title source: llmDescription
A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator.
References (1)
Core 1
Core References
Mitigation, Vendor Advisory x_refsource_confirm
http://support.blackberry.com/kb/articleDetail?articleNumber=000054162
Scores
CVSS v3
6.5
EPSS
0.0041
EPSS Percentile
32.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-352
Status
published
Products (1)
blackberry/unified_endpoint_manager
< 12.9.1
Published
Dec 20, 2018
Tracked Since
Feb 18, 2026