CVE-2018-8892

MEDIUM

BlackBerry Unified Endpoint Manager < 12.9.1 - Cross-Site Request Forgery in Management Console

Title source: llm
STIX 2.1

Description

A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator.

References (1)

Core 1
Core References
Mitigation, Vendor Advisory x_refsource_confirm
http://support.blackberry.com/kb/articleDetail?articleNumber=000054162

Scores

CVSS v3 6.5
EPSS 0.0041
EPSS Percentile 32.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352
Status published
Products (1)
blackberry/unified_endpoint_manager < 12.9.1
Published Dec 20, 2018
Tracked Since Feb 18, 2026