CVE-2017-9367
critical
CVSS v3
9.8
CVSS v2
6.8
VIR risk
9.8
Description
A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request.
Predictions
Exploit likelihood
97%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secure@blackberry.com — http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| blackberry | workspaces_vapp | 5.5.0 | |
| blackberry | workspaces_vapp | 5.5.1 | |
| blackberry | workspaces_vapp | 5.5.2 | |
| blackberry | workspaces_vapp | 5.5.3 | |
| blackberry | workspaces_vapp | 5.5.4 | |
| blackberry | workspaces_vapp | 5.5.5 | |
| blackberry | workspaces_vapp | 5.5.6 | |
| blackberry | workspaces_vapp | 5.5.7 | |
| blackberry | workspaces_vapp | 5.5.8 | |
| blackberry | workspaces_vapp | 5.5.9 | |
| blackberry | workspaces_vapp | 5.6.0 | |
| blackberry | workspaces_vapp | 5.6.1 | |
| blackberry | workspaces_vapp | 5.6.2 | |
| blackberry | workspaces_vapp | 5.6.3 | |
| blackberry | workspaces_vapp | 5.6.4 | |
| blackberry | workspaces_vapp | 5.6.5 | |
| blackberry | workspaces_vapp | 5.6.6 | |
| blackberry | workspaces_appliance-x | {"endIncluding":"1.11.2"} | |
References
CWEs
CWE-22
Verify integrity in audit chain (admin only). AS-IS.