{"api_version":"1","generated_at":"2026-04-23T04:08:32+00:00","cve":"CVE-2018-8892","urls":{"html":"https://cve.report/CVE-2018-8892","api":"https://cve.report/api/cve/CVE-2018-8892.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-8892","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-8892"},"summary":{"title":"CVE-2018-8892","description":"A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator.","state":"PUBLIC","assigner":"secure@blackberry.com","published_at":"2018-12-20 20:29:00","updated_at":"2019-01-03 18:35:00"},"problem_types":["CWE-352"],"metrics":[],"references":[{"url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000054162","name":"http://support.blackberry.com/kb/articleDetail?articleNumber=000054162","refsource":"CONFIRM","tags":["Mitigation","Vendor Advisory"],"title":"BSRT-2018-005 Vulnerabilities in Management Console Impact Affected Versions of BlackBerry UEM","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-8892","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8892","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"8892","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"blackberry","cpe5":"unified_endpoint_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"8892","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"blackberry","cpe5":"unified_endpoint_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@blackberry.com","ID":"CVE-2018-8892","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"BlackBerry UEM","version":{"version_data":[{"version_value":"12.9.0 and earlier"}]}}]},"vendor_name":"BlackBerry"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Cross-Site Request Forgery"}]}]},"references":{"reference_data":[{"name":"http://support.blackberry.com/kb/articleDetail?articleNumber=000054162","refsource":"CONFIRM","url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000054162"}]}},"nvd":{"publishedDate":"2018-12-20 20:29:00","lastModifiedDate":"2019-01-03 18:35:00","problem_types":["CWE-352"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:blackberry:unified_endpoint_manager:*:*:*:*:*:*:*:*","versionEndExcluding":"12.9.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"8892","Ordinal":"125264","Title":"CVE-2018-8892","CVE":"CVE-2018-8892","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"8892","Ordinal":"1","NoteData":"A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"8892","Ordinal":"2","NoteData":"2018-12-20","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"8892","Ordinal":"3","NoteData":"2018-12-20","Type":"Other","Title":"Modified"}]}}}