CVE-2011-0290

Name of the Vulnerable Software and Affected Versions BlackBerry Enterprise Server versions 5.0.3 through MR4

Description The issue allows remote authenticated users to log into arbitrary user accounts associated with the same organization. This can lead to sending messages, reading messages, reading contact lists, or causing a denial of service, resulting in login unavailability.

Recommendations For versions 5.0.3 through MR4, consider restricting access to the BlackBerry Collaboration Service to minimize the risk of exploitation. As a temporary workaround, limit the privileges of authenticated users to prevent them from accessing arbitrary user accounts.