CVE-2017-9367: Path Traversal
First published: Mon Oct 16 2017(Updated: )
A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request.
Credit: secure@blackberry.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BlackBerry Workspaces | =5.5.0 | |
| BlackBerry Workspaces | =5.5.1 | |
| BlackBerry Workspaces | =5.5.2 | |
| BlackBerry Workspaces | =5.5.3 | |
| BlackBerry Workspaces | =5.5.4 | |
| BlackBerry Workspaces | =5.5.5 | |
| BlackBerry Workspaces | =5.5.6 | |
| BlackBerry Workspaces | =5.5.7 | |
| BlackBerry Workspaces | =5.5.8 | |
| BlackBerry Workspaces | =5.5.9 | |
| BlackBerry Workspaces | =5.6.0 | |
| BlackBerry Workspaces | =5.6.1 | |
| BlackBerry Workspaces | =5.6.2 | |
| BlackBerry Workspaces | =5.6.3 | |
| BlackBerry Workspaces | =5.6.4 | |
| BlackBerry Workspaces | =5.6.5 | |
| BlackBerry Workspaces | =5.6.6 | |
| Blackberry Workspaces Appliance-x | <=1.11.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-9367?
CVE-2017-9367 has been assigned a high severity rating due to its potential impact on security through directory traversal.
How do I fix CVE-2017-9367?
To fix CVE-2017-9367, apply the latest security updates provided by BlackBerry for the affected versions listed in the advisory.
Which versions of BlackBerry Workspaces are affected by CVE-2017-9367?
CVE-2017-9367 affects BlackBerry Workspaces Vapp versions 5.5.0 to 5.6.6 and the Appliance-x versions up to 1.11.2.
What type of attack does CVE-2017-9367 enable?
CVE-2017-9367 enables directory traversal attacks that can allow attackers to execute or upload arbitrary files on the server.
Is CVE-2017-9367 being actively exploited?
While there is no specific indication of active exploitation, the nature of CVE-2017-9367 makes it a potential target for attackers.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/blackberry
- canonical/blackberry workspaces
- version/blackberry workspaces/5.5.0
- version/blackberry workspaces/5.5.1
- version/blackberry workspaces/5.5.2
- version/blackberry workspaces/5.5.3
- version/blackberry workspaces/5.5.4
- version/blackberry workspaces/5.5.5
- version/blackberry workspaces/5.5.6
- version/blackberry workspaces/5.5.7
- version/blackberry workspaces/5.5.8
- version/blackberry workspaces/5.5.9
- version/blackberry workspaces/5.6.0
- version/blackberry workspaces/5.6.1
- version/blackberry workspaces/5.6.2
- version/blackberry workspaces/5.6.3
- version/blackberry workspaces/5.6.4
- version/blackberry workspaces/5.6.5
- version/blackberry workspaces/5.6.6
- canonical/blackberry workspaces appliance-x
- version/blackberry workspaces appliance-x/1.11.2