CVE-2013-3693
Summary
| CVE | CVE-2013-3693 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-10-11 22:55:00 UTC |
| Updated | 2023-11-07 02:16:00 UTC |
| Description | The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Blackberry | Blackberry Enterprise Service | 10.0 | All | All | All |
| Application | Blackberry | Blackberry Enterprise Service | 10.1.0 | All | All | All |
| Application | Blackberry | Blackberry Enterprise Service | 10.1.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisory SA55187 - BlackBerry Enterprise Service JBoss RMI Arbitrary Code Execution Vulnerability - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| BlackBerry Knowledge Base | | btsc.webapps.blackberry.com | |
| BlackBerry Knowledge Base | CONFIRM | btsc.webapps.blackberry.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.