CVE-2011-0286

CVSS V2 Medium 4.3 CVSS V3 None
Description
Cross-site scripting (XSS) vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software before 5.0.2 MR5 and 5.0.3 before MR1, and BlackBerry Enterprise Server Express software 5.0.1 and 5.0.2, allows remote attackers to inject arbitrary web script or HTML via the displayErrorMessage parameter in a ManageDevices action.
Overview
  • CVE ID
  • CVE-2011-0286
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2011-04-18T18:55:00
  • Last Modified Date
  • 2011-04-18T18:55:00
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:rim:blackberry_enterprise_server:5.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rim:blackberry_enterprise_server:5.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rim:blackberry_enterprise_server:5.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rim:blackberry_enterprise_server:5.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rim:blackberry_enterprise_server_express:5.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rim:blackberry_enterprise_server_express:5.0.2:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://www.blackberry.com/btsc/KB26296 Vendor Advisory
http://www.cybsec.com/vuln/CYBSEC_Advisory_2011_0401_Cross_Site_Scripting_XSS_in_Blackberry_WebDesktop.pdf Exploit
http://securitytracker.com/id?1025356
http://www.securityfocus.com/bid/47324
http://secunia.com/advisories/44183 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0971 Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2011-0286
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0286
History
Created Old Value New Value Data Type Notes
2022-05-10 11:00:48 Added to TrackCVE