National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:blackberry:unified_endpoint_manager:12.7
There are 4 matching records.
Vuln ID Summary CVSS Severity
CVE-2018-8892

A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator.

Published: December 20, 2018; 03:29:00 PM -05:00
V3.0: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-8891

Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.

Published: December 20, 2018; 03:29:00 PM -05:00
V3.0: 4.8 MEDIUM
    V2: 3.5 LOW
CVE-2018-8888

A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.

Published: December 20, 2018; 03:29:00 PM -05:00
V3.0: 4.8 MEDIUM
    V2: 3.5 LOW
CVE-2017-17442

In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link.

Published: March 13, 2018; 02:29:00 PM -04:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM