BlackBerry Enterprise Server Web Desktop Manager XSS (KB26296)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by a
cross-site scripting vulnerability.

Description :

The version of BlackBerry Enterprise Server on the remote host
reportedly contains a cross-site scripting vulnerability in its Web
Desktop Manager component. An attacker may be able to leverage this
issue to execute arbitrary script code in the browser of an
authenticated user in the context of the affected site and to steal
cookie-based authentication credentials.

See also :

http://www.blackberry.com/btsc/KB26296
http://seclists.org/fulldisclosure/2011/Apr/224

Solution :

Install Service Pack 1 or 2 Interim Security Software Update for April
12th 2011, or upgrade to 5.0.2 MR5 or 5.0.3 MR1 or later.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVSS Temporal Score : 2.9
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 53829

Bugtraq ID: 47324

CVE ID: CVE-2011-0286
