CVE-2016-1916

Name of the Vulnerable Software and Affected Versions BlackBerry Enterprise Server (BES) versions prior to 12.4.1

Description A cross-site scripting (XSS) issue exists in the Management Console of the affected software, allowing remote authenticated users with basic administrative access to inject arbitrary web script or HTML by creating a crafted policy. This leads to improper rendering on a certain Export IT screen.

Recommendations For versions prior to 12.4.1, update to version 12.4.1 or later to resolve the issue.