CVE-2017-3890
First published: Fri Jan 13 2017(Updated: )
A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link.
Credit: secure@blackberry.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Blackberry Appliance-x | <=1.8.1 | |
| Blackberry Workspaces Vapp | =4.6.0 | |
| Blackberry Workspaces Vapp | =5.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-3890?
The severity of CVE-2017-3890 is classified as medium with a score of 6.1.
How do I fix CVE-2017-3890?
To fix CVE-2017-3890, upgrade the affected BlackBerry WatchDox Server components Appliance-X to version 1.8.2 or higher and vAPP to versions above 5.4.1.
What types of products are affected by CVE-2017-3890?
CVE-2017-3890 affects BlackBerry Appliance-X version 1.8.1 and earlier, along with BlackBerry Workspaces vAPP versions 4.6.0 to 5.4.1.
What kind of vulnerability is CVE-2017-3890?
CVE-2017-3890 is a reflected cross-site scripting (XSS) vulnerability that allows remote attackers to execute scripts in a user's browser.
Who can exploit CVE-2017-3890?
CVE-2017-3890 can be exploited by remote attackers who can persuade users to click on malicious links.
- collector/nvd-index
- vendor/blackberry
- product/appliance-x
- canonical/blackberry appliance-x
- product/workspaces vapp
- canonical/blackberry workspaces vapp