CVE-2013-3693
Summary
| CVE | CVE-2013-3693 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-10-11 22:55:36 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098. |
Risk And Classification
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Adjacent |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality | Complete |
| Integrity | Complete |
| Availability | Complete |

AV:A/AC:M/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Blackberry | Blackberry Enterprise Service | 10.0 | All | All | All |
| Application | Blackberry | Blackberry Enterprise Service | 10.1.0 | All | All | All |
| Application | Blackberry | Blackberry Enterprise Service | 10.1.2 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| BlackBerry Knowledge Base | af854a3a-2127-422b-91ae-364da2661108 | btsc.webapps.blackberry.com | |
| Security Advisory SA55187 - BlackBerry Enterprise Service JBoss RMI Arbitrary Code Execution Vulnerability - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| BlackBerry Knowledge Base | MITRE | btsc.webapps.blackberry.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.