CVE-2016-3128
Severity CVSS v4.0:
Pending analysis
Type:
CWE-254
Security Features
Publication date:
13/01/2017
Last modified:
20/04/2025
Description
A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES.
Impact
Base Score 3.x
8.20
Severity 3.x
HIGH
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:blackberry:enterprise_service:12.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:blackberry:enterprise_service:12.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:blackberry:enterprise_service:12.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:blackberry:enterprise_service:12.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:blackberry:enterprise_service:12.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:blackberry:enterprise_service:12.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:blackberry:enterprise_service:12.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:blackberry:enterprise_service:12.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:blackberry:enterprise_service:12.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:blackberry:enterprise_service:12.5.0a:*:*:*:*:*:*:* | ||
| cpe:2.3:a:blackberry:enterprise_service:12.5.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:blackberry:enterprise_service:12.5.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://support.blackberry.com/kb/articleDetail?articleNumber=000038913
- http://www.securityfocus.com/bid/95624
- http://www.securitytracker.com/id/1037585
- http://support.blackberry.com/kb/articleDetail?articleNumber=000038913
- http://www.securityfocus.com/bid/95624
- http://www.securitytracker.com/id/1037585