PT-2013-4570 · Red Hat+1 · Jboss+1

Published: 2013-10-11 · Updated: 2013-10-15 · CVE-2013-3693

CVSS v2.0: 7.9 (High)

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

BlackBerry Enterprise Service (BES) versions 10.0 through 10.1.2

Description

The issue concerns the BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES), which fails to properly restrict access to the JBoss Remote Method Invocation (RMI) interface. This allows remote attackers to upload and execute arbitrary packages by sending a request to port 1098.

Recommendations

For versions 10.0 through 10.1.2, restrict access to the JBoss RMI interface on port 1098 to prevent remote attackers from uploading and executing arbitrary packages.

Fix

Weakness Enumeration

Related identifiers

CVE-2013-3693

Affected products

Blackberry Enterprise Service
Jboss