PT-2013-4570 · Red Hat+1 · Jboss+1

Published: 2013-10-11 · Updated: 2013-10-15 · CVE-2013-3693

CVSS v2.0: 7.9 (High)

Vector: AV:A/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: BlackBerry Enterprise Service (BES) versions 10.0 through 10.1.2

Description: The issue concerns the BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES), which fails to properly restrict access to the JBoss Remote Method Invocation (RMI) interface. This allows remote attackers to upload and execute arbitrary packages by sending a request to port 1098.

Recommendations: For versions 10.0 through 10.1.2, restrict access to the JBoss RMI interface on port 1098 to prevent remote attackers from uploading and executing arbitrary packages.

Fix


Weakness Enumeration

Related Identifiers

CVE-2013-3693

Affected Products

Blackberry Enterprise Service
Jboss