BlackBerry Enterprise Server Management Console Multiple Vulnerabilities Fixed by 12.4


Description   Several vulnerabilities were reported in the management console of BlackBerry Enterprise Server (BES):
- CVE-2016-1914: SQL injection in the "imageName" parameter of the Java servlet "com.rim.mdm.ui.server.ImageServlet", located in the "/mydevice/client/image", "/admin/client/image", "/myapps/client/image", "/ssam/client/image" and "/all/client/image" web pages.
- CVE-2016-1915: cross-site scripting in the "locale" parameter of the "/mydevice/index.jsp" and "/mydevice/loggedOut.jsp" web pages.

Proofs of concept are available.
     
Vulnerable Products   Vulnerable Software:
- Blackberry Enterprise Server for Domino (Research In Motion) - 12, 12.1, 12.2, 12.3
- Blackberry Enterprise Server for Exchange (Research In Motion) - 12, 12.1, 12.2, 12.3
- BlackBerry Enterprise Server for GroupWise (Research In Motion) - 12, 12.1, 12.2, 12.3
     
Solution   BlackBerry has released version 12.4 of BES which fixes these vulnerabilities.
     
CVE   CVE-2016-1915
CVE-2016-1914
     
References   - Security Assessment.com : BlackBerry Enterprise Service 12 (BES12) Self-Service
http://security-assessment.com/files/documents/advisory/Blackberry%20BES12%20Self-Service%20Multiple%20Vulnerabilities.pdf
- BSRT-2016-001 : Vulnerabilities in BES12 Management Console impacts BES12
http://support.blackberry.com/kb/articleDetail?articleNumber=000038033
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm | Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL | 3.2.0
SQL injection Prevention - GET : suspicious OR statement in URL | 3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL | 3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL | 3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL | 3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL | 3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL | 3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL | 3.2.0
XSS - Phishing : suspicious 'div' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL | 3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL | 3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL | 3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL | 3.2.0
SQL injection Prevention - GET : possible database version probing | 3.2.0
XSS - Phishing : suspicious 'a' tag found in URL | 3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL | 3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL | 3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL | 3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL | 3.2.0
XSS - Phishing : suspicious 'form' tag found in URL | 3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL | 3.2.0
XSS - Prevention - GET : javascript code found in URL | 3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL | 3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL | 3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL | 3.2.0
SQL injection Prevention - GET : block comment delimiters in URL | 3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL | 3.2.0
XSS - Phishing : suspicious 'link' tag found in URL | 3.2.0
XSS - Prevention - GET : 'script' tag found in URL | 3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL | 3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL | 3.2.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL | 5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements | 5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement | 5.0.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2016-02-15

Target Type   Server

Possible exploit   Remote