CVE-2014-1467CVE-2014-1467

Affected configuration(s):

cpe:/a:blackberry:blackberry_enterprise_service:10.0
cpe:/a:blackberry:blackberry_enterprise_service:10.1.0
cpe:/a:blackberry:blackberry_enterprise_service:10.1.2
cpe:/a:blackberry:blackberry_enterprise_service:10.2.0
cpe:/a:blackberry:blackberry_universal_device_service:6.0
cpe:/a:blackberry:enterprise_server:5.0.4:mr6:~~~exchange_server~~
cpe:/a:blackberry:enterprise_server:5.0.4:mr6:~~~groupwise~~
cpe:/a:blackberry:enterprise_server:5.0.4:mr6:~~~lotus_domino~~
cpe:/a:blackberry:enterprise_server_express:5.0.4::~~~exchange_server~~
cpe:/a:blackberry:enterprise_server_express:5.0.4::~~~lotus_domino~~

Date published: 2014-02-14T08:10:30.637-05:00

Date last modified: 2014-02-14T12:34:51.747-05:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://www.blackberry.com/btsc/KB35647

Summary: BlackBerry Enterprise Service 10 before 10.2.1, Universal Device Service 6, Enterprise Server Express for Domino through 5.0.4, Enterprise Server Express for Exchange through 5.0.4, Enterprise Server for Domino through 5.0.4 MR6, Enterprise Server for Exchange through 5.0.4 MR6, and Enterprise Server for GroupWise through 5.0.4 MR6 log cleartext credentials during exception handling, which might allow context-dependent attackers to obtain sensitive information by reading a log file.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.