CVE-2016-3130

high

Description

An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt.

References

http://www.securitytracker.com/id/1037584

http://www.securityfocus.com/bid/95924

http://support.blackberry.com/kb/articleDetail?articleNumber=000038914

Details

Source: Mitre, NVD

Published: 2017-01-13

Updated: 2026-05-13

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00344