BlackBerry Enterprise Server / Enterprise Service / Enterprise Server Express Information Disclosure (KB36175)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by an
information disclosure vulnerability.

Description :

The version of BlackBerry Enterprise Server on the remote host
contains an information disclosure flaw pertaining to the logging of
session management exceptions. By gaining access to certain diagnostic
logs, an authenticated attacker could discover logged credentials and
use them to impersonate a valid user.

See also :

http://www.blackberry.com/btsc/KB36175

Solution :

Apply the vendor-supplied patches.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 77327

Bugtraq ID: 69211

CVE ID: CVE-2014-1469