CVE-2013-3693
First published: Fri Oct 11 2013(Updated: )
The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Blackberry Blackberry Enterprise Service | =10.0 | |
| Blackberry Blackberry Enterprise Service | =10.1.0 | |
| Blackberry Blackberry Enterprise Service | =10.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=1C7CE6911426BCFAF2A80C3834F4DF0F?externalId=KB35139&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl
- http://secunia.com/advisories/55187
- http://btsc.webapps.blackberry.com/btsc/viewdocument.do%3Bjsessionid=1C7CE6911426BCFAF2A80C3834F4DF0F?externalId=KB35139&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/blackberry
- canonical/blackberry blackberry enterprise service
- version/blackberry blackberry enterprise service/10.0
- version/blackberry blackberry enterprise service/10.1.0
- version/blackberry blackberry enterprise service/10.1.2