PT-2016-5376 · Blackberry · Blackberry Enterprise Mobility Server

Published: 2016-12-16 · Updated: 2016-12-22 · CVE-2016-3129

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: BlackBerry Good Enterprise Mobility Server versions 2.1.5.3 through 2.2.22.25

Description: A remote shell execution issue in the Apache Karaf command shell implementation allows remote attackers to obtain local administrator rights on the server via commands executed on the Karaf command shell.

Recommendations: For versions 2.1.5.3 through 2.2.22.25, consider disabling access to the Apache Karaf command shell as a temporary workaround until a patch is available. Restrict access to the Karaf command shell to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2016-3129

Affected Products

Apache Karaf
Blackberry Enterprise Mobility Server