CVE-2016-3127: Infoleak
First published: Fri Mar 03 2017(Updated: )
An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server.
Credit: secure@blackberry.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BlackBerry Good Control | <=2.2.511.26 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-3127?
CVE-2016-3127 is considered a high-severity vulnerability due to its potential for information disclosure.
How do I fix CVE-2016-3127?
To mitigate CVE-2016-3127, upgrade to BlackBerry Good Control Server version 2.3.53.62 or later.
Which versions of BlackBerry Good Control Server are affected by CVE-2016-3127?
CVE-2016-3127 affects BlackBerry Good Control Server versions prior to 2.3.53.62.
What impact does CVE-2016-3127 have on users?
CVE-2016-3127 enables remote attackers to access logged encryption keys, potentially compromising resource access.
Is there a workaround for CVE-2016-3127?
No specific workaround is recommended for CVE-2016-3127; the primary solution is to upgrade the software.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/blackberry
- canonical/blackberry good control
- version/blackberry good control/2.2.511.26