BlackBerry Enterprise Server / Enterprise Service / Enterprise Server Express Information Disclosure (KB36175)
Low Nessus Plugin ID 77327
SynopsisThe remote Windows host has an application that is affected by an information disclosure vulnerability.
DescriptionThe version of BlackBerry Enterprise Server on the remote host contains an information disclosure flaw pertaining to the logging of session management exceptions. By gaining access to certain diagnostic logs, an authenticated attacker could discover logged credentials and use them to impersonate a valid user.
SolutionApply the vendor-supplied patches.