CVE-2016-1914

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
13/04/2017
Last modified:
20/04/2025

Description

Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:blackberry:blackberry_enterprise_service:*:*:*:*:*:*:*:* 12.3.1 (including)