Vulnerability Details : CVE-2015-4112
The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue.
Products affected by CVE-2015-4112
- cpe:2.3:a:blackberry:enterprise_server:12.1:*:*:*:*:*:*:*
- cpe:2.3:a:blackberry:enterprise_server:12.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4112
- 0.15%: Probability of exploitation activity in the next 30 days
- ~50%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-4112
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2015-4112
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4112
- http://www.blackberry.com/btsc/KB37573 (Vendor Advisory)
- http://www.securitytracker.com/id/1034154 (BlackBerry Enterprise Server Input Validation Flaw in Management Console Lets Remote Conduct Cross-Site Scripting Attacks - SecurityTracker)