Security Features in Enterprise Server - CVE-2015-4112

 

Published: November 19, 2015 / Updated: August 9, 2020


Vulnerability identifier: #VU40594
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2015-4112
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mandriva
Affected software:
Enterprise Server

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue.
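The weakness described above is a response that any site may load in a frame. As an added example (not part of the advisory or the vendor's code), the following check classifies a response's anti-framing headers using the standard `X-Frame-Options` and CSP `frame-ancestors` mechanisms. The function names and sample headers are constructed for illustration, and the page does not state how the vendor's update addresses the issue.

```python
# Added example: classify anti-framing response headers (hypothetical helper names).

def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None if absent."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]   # first occurrence wins
    return None


def classify_sources(sources):
    """Map a frame-ancestors source list to a verdict."""
    if sources in ([], ["'none'"]):
        return "blocked"            # nobody may frame the page
    if any(s in ("*", "http:", "https:") for s in sources):
        return "unprotected"        # wildcard or bare scheme: any site may frame it
    if sources == ["'self'"]:
        return "same-origin"
    return "allowlist"              # specific origins; review each one


def framing_policy(headers):
    """Classify (name, value) response headers as 'blocked', 'same-origin',
    'allowlist' or 'unprotected' with respect to being loaded in a frame."""
    csp = [v for n, v in headers if n.lower() == "content-security-policy"]
    # One header value may carry several comma-separated policies.
    lists = [frame_ancestors(p) for v in csp for p in v.split(",")]
    lists = [l for l in lists if l is not None]
    if lists:
        # frame-ancestors, when present, is used instead of X-Frame-Options.
        # Every policy must allow the embedder, so the strictest one decides.
        order = ["blocked", "same-origin", "allowlist", "unprotected"]
        return min((classify_sources(l) for l in lists), key=order.index)
    xfo = {t.strip().lower() for n, v in headers
           if n.lower() == "x-frame-options" for t in v.split(",")}
    if "deny" in xfo:
        return "blocked"
    if "sameorigin" in xfo:
        return "same-origin"
    # Header missing, or only the obsolete ALLOW-FROM that current browsers ignore.
    return "unprotected"


if __name__ == "__main__":
    # Constructed sample: a console response with no framing restriction at all.
    print(framing_policy([("Content-Type", "text/html")]))
```

A `Content-Security-Policy-Report-Only` header is deliberately not counted, since it reports violations without enforcing them.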


How to mitigate CVE-2015-4112

Install update from vendor's website.
