ByteOS Network

NVD Vulnerability Details :

CVE-2016-3130

Deferred

Source-secure@blackberry.com

Published At-13 Jan, 2017 | 09:59

Updated At-20 Apr, 2025 | 01:37

An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	8.1	HIGH	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

BlackBerry Limited

>>enterprise_service>>12.0.0

cpe:2.3:a:blackberry:enterprise_service:12.0.0:*:*:*:*:*:*:*

BlackBerry Limited

>>enterprise_service>>12.0.1

cpe:2.3:a:blackberry:enterprise_service:12.0.1:*:*:*:*:*:*:*

BlackBerry Limited

>>enterprise_service>>12.1.0

cpe:2.3:a:blackberry:enterprise_service:12.1.0:*:*:*:*:*:*:*

BlackBerry Limited

>>enterprise_service>>12.2.0

cpe:2.3:a:blackberry:enterprise_service:12.2.0:*:*:*:*:*:*:*

BlackBerry Limited

>>enterprise_service>>12.2.1

cpe:2.3:a:blackberry:enterprise_service:12.2.1:*:*:*:*:*:*:*

BlackBerry Limited

>>enterprise_service>>12.3.0

cpe:2.3:a:blackberry:enterprise_service:12.3.0:*:*:*:*:*:*:*

BlackBerry Limited

>>enterprise_service>>12.3.1

cpe:2.3:a:blackberry:enterprise_service:12.3.1:*:*:*:*:*:*:*

BlackBerry Limited

>>enterprise_service>>12.4.0

cpe:2.3:a:blackberry:enterprise_service:12.4.0:*:*:*:*:*:*:*

BlackBerry Limited

>>enterprise_service>>12.4.1

cpe:2.3:a:blackberry:enterprise_service:12.4.1:*:*:*:*:*:*:*

BlackBerry Limited

>>enterprise_service>>12.5.0a

cpe:2.3:a:blackberry:enterprise_service:12.5.0a:*:*:*:*:*:*:*

BlackBerry Limited

>>enterprise_service>>12.5.1

cpe:2.3:a:blackberry:enterprise_service:12.5.1:*:*:*:*:*:*:*

BlackBerry Limited

>>enterprise_service>>12.5.2

cpe:2.3:a:blackberry:enterprise_service:12.5.2:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov
CWE-255	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://support.blackberry.com/kb/articleDetail?articleNumber=000038914	secure@blackberry.com	N/A
http://www.securityfocus.com/bid/95924	secure@blackberry.com	N/A
http://www.securitytracker.com/id/1037584	secure@blackberry.com	N/A
http://support.blackberry.com/kb/articleDetail?articleNumber=000038914	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/95924	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securitytracker.com/id/1037584	af854a3a-2127-422b-91ae-364da2661108	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History