Main Vulnerability Database Vulnerabilities #VU42472

Permissions, Privileges, and Access Controls in Blackberry Enterprise Service - CVE-2013-3693

Published: October 12, 2013 / Updated: August 10, 2020

Vulnerability identifier: #VU42472

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2013-3693

CWE-ID: CWE-264

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: BlackBerry

Affected software:
Blackberry Enterprise Service

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098.

How to mitigate CVE-2013-3693

Install update from vendor's website.

Permissions, Privileges, and Access Controls in Blackberry Enterprise Service - CVE-2013-3693

Detailed vulnerability description

How to mitigate CVE-2013-3693

Sources

Please verify you're human