First published: Tue Mar 13 2018
BlackBerry UEM Management Console version 12.7.1 and earlier contains a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link.
Credit: secure@blackberry.com
Affected Software | Affected Version | How to fix |
---|---|---|
BlackBerry Unified Endpoint Manager | <=12.7.1 |
CVE-2017-17442 is a reflected cross-site scripting vulnerability in BlackBerry UEM Management Console version 12.7.1 and earlier.
CVE-2017-17442 allows an attacker to execute script commands in the context of the affected UEM Management Console account.
CVE-2017-17442 has a severity rating of 6.1, which is considered medium.
An attacker can exploit CVE-2017-17442 by crafting a malicious link and persuading a user with legitimate access to click on it.
Yes, BlackBerry has released a fix for CVE-2017-17442. It is recommended to update to a version that is not affected by this vulnerability.