PT-2014-4196 · Blackberry · Enterprise Server Express For Exchange+6

Published: 2014-02-14 · Updated: 2014-02-14 · CVE-2014-1467

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

BlackBerry Enterprise Service 10 versions prior to 10.2.1
Universal Device Service version 6
Enterprise Server Express for Domino versions prior to 5.0.4
Enterprise Server Express for Exchange versions prior to 5.0.4
Enterprise Server for Domino versions prior to 5.0.4 MR6
Enterprise Server for Exchange versions prior to 5.0.4 MR6
Enterprise Server for GroupWise versions prior to 5.0.4 MR6

Description

The issue allows context-dependent attackers to obtain sensitive information by reading a log file, as cleartext credentials are logged during exception handling.

Recommendations

For BlackBerry Enterprise Service 10 versions prior to 10.2.1, update to version 10.2.1 or later.
For Universal Device Service version 6, there is no information about a newer version that contains a fix for this issue.
For Enterprise Server Express for Domino versions prior to 5.0.4, update to version 5.0.4 or later.
For Enterprise Server Express for Exchange versions prior to 5.0.4, update to version 5.0.4 or later.
For Enterprise Server for Domino versions prior to 5.0.4 MR6, update to version 5.0.4 MR6 or later.
For Enterprise Server for Exchange versions prior to 5.0.4 MR6, update to version 5.0.4 MR6 or later.
For Enterprise Server for GroupWise versions prior to 5.0.4 MR6, update to version 5.0.4 MR6 or later.

As a temporary workaround, consider restricting access to log files to minimize the risk of exploitation.

Fix


Weakness Enumeration

Related Identifiers

CVE-2014-1467

Affected Products

Blackberry Enterprise Service 10
Enterprise Server Express For Domino
Enterprise Server Express For Exchange
Enterprise Server For Domino
Enterprise Server For Exchange
Enterprise Server For Groupwise
Universal Device Service