PT-2011-2255 · Blackberry · Blackberry Enterprise Server

Published: 2011-04-18 · Updated: 2011-04-18 · CVE-2011-0286

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

BlackBerry Enterprise Server software versions prior to 5.0.2 MR5
BlackBerry Enterprise Server software versions prior to 5.0.3 MR1
BlackBerry Enterprise Server Express software version 5.0.1
BlackBerry Enterprise Server Express software version 5.0.2

Description

A cross-site scripting (XSS) issue exists in the webdesktop/app component of the BlackBerry Web Desktop Manager. This allows remote attackers to inject arbitrary web script or HTML via the displayErrorMessage parameter in a "ManageDevices" action.

Recommendations

For BlackBerry Enterprise Server software versions prior to 5.0.2 MR5, update to version 5.0.2 MR5 or later.
For BlackBerry Enterprise Server software versions prior to 5.0.3 MR1, update to version 5.0.3 MR1 or later.
For BlackBerry Enterprise Server Express software version 5.0.1, update to a newer version.
For BlackBerry Enterprise Server Express software version 5.0.2, update to a newer version.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2011-0286

Affected Products

Blackberry Enterprise Server
Blackberry Enterprise Server Express
Blackberry Desktop Manager