Vulnerability Name:

CVE-2011-0287 (CCN-68533)

Assigned: 2011-07-12
Published: 2011-07-12
Updated: 2011-07-19
Summary: Unspecified vulnerability in the BlackBerry Administration API in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 5.0.1 through 5.0.3, and BlackBerry Enterprise Server Express software 5.0.1 through 5.0.3, allows remote attackers to read text files or cause a denial of service via unknown vectors.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Obtain Information
References:
Source: CCN
Type: Blackberry Security Advisory KB27258
Vulnerability in a BlackBerry Enterprise Server component could allow information disclosure and partial denial of service

Source: MITRE
Type: CNA
CVE-2011-0287

Source: CCN
Type: SA45242
BlackBerry Enterprise Server BlackBerry Administration API File Disclosure Vulnerability

Source: SECUNIA
Type: Vendor Advisory
45242

Source: CONFIRM
Type: Vendor Advisory
http://www.blackberry.com/btsc/KB27258

Source: CCN
Type: OSVDB ID: 73868
BlackBerry Enterprise Server BlackBerry Administration API Unspecified Remote File Disclosure

Source: BID
Type: UNKNOWN
48655

Source: CCN
Type: BID-48655
BlackBerry Enterprise Server Administration API Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
blackberry-admin-api-info-disclosure(68533)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:rim:blackberry_enterprise_server:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:rim:blackberry_enterprise_server:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:rim:blackberry_enterprise_server:5.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:rim:blackberry_enterprise_server_express:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:rim:blackberry_enterprise_server_express:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:rim:blackberry_enterprise_server_express:5.0.3:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:rim:blackberry_enterprise_server_express:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:rim:blackberry_enterprise_server_express:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:rim:blackberry_enterprise_server_express:5.0.3:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    rim blackberry enterprise server 5.0.1
    rim blackberry enterprise server 5.0.2
    rim blackberry enterprise server 5.0.3
    rim blackberry enterprise server express 5.0.1
    rim blackberry enterprise server express 5.0.2
    rim blackberry enterprise server express 5.0.3