{"api_version":"1","generated_at":"2026-04-23T00:38:23+00:00","cve":"CVE-2013-3693","urls":{"html":"https://cve.report/CVE-2013-3693","api":"https://cve.report/api/cve/CVE-2013-3693.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-3693","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-3693"},"summary":{"title":"CVE-2013-3693","description":"The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2013-10-11 22:55:00","updated_at":"2023-11-07 02:16:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"http://secunia.com/advisories/55187","name":"55187","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Security Advisory SA55187 - BlackBerry Enterprise Service JBoss RMI Arbitrary Code Execution Vulnerability - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://btsc.webapps.blackberry.com/btsc/viewdocument.do%3Bjsessionid=1C7CE6911426BCFAF2A80C3834F4DF0F?externalId=KB35139&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl","name":"http://btsc.webapps.blackberry.com/btsc/viewdocument.do%3Bjsessionid=1C7CE6911426BCFAF2A80C3834F4DF0F?externalId=KB35139&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl","refsource":"","tags":[],"title":"BlackBerry Knowledge Base","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=1C7CE6911426BCFAF2A80C3834F4DF0F?externalId=KB35139&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl","name":"http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=1C7CE6911426BCFAF2A80C3834F4DF0F?externalId=KB35139&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"BlackBerry Knowledge Base","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-3693","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3693","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"3693","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"blackberry","cpe5":"blackberry_enterprise_service","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3693","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"blackberry","cpe5":"blackberry_enterprise_service","cpe6":"10.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3693","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"blackberry","cpe5":"blackberry_enterprise_service","cpe6":"10.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3693","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"blackberry","cpe5":"blackberry_enterprise_service","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3693","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"blackberry","cpe5":"blackberry_enterprise_service","cpe6":"10.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"3693","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"blackberry","cpe5":"blackberry_enterprise_service","cpe6":"10.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2013-3693","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=1C7CE6911426BCFAF2A80C3834F4DF0F?externalId=KB35139&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl","refsource":"CONFIRM","url":"http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=1C7CE6911426BCFAF2A80C3834F4DF0F?externalId=KB35139&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl"},{"name":"55187","refsource":"SECUNIA","url":"http://secunia.com/advisories/55187"}]}},"nvd":{"publishedDate":"2013-10-11 22:55:00","lastModifiedDate":"2023-11-07 02:16:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:A/AC:M/Au:N/C:C/I:C/A:C","accessVector":"ADJACENT_NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.9},"severity":"HIGH","exploitabilityScore":5.5,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:blackberry:blackberry_enterprise_service:10.1.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:blackberry:blackberry_enterprise_service:10.1.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:blackberry:blackberry_enterprise_service:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"3693","Ordinal":"63352","Title":"CVE-2013-3693","CVE":"CVE-2013-3693","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"3693","Ordinal":"1","NoteData":"The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098.","Type":"Description","Title":null},{"CveYear":"2013","CveId":"3693","Ordinal":"2","NoteData":"2013-10-11","Type":"Other","Title":"Published"}]}}}