Vulnerability Description
The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Blackberry | Blackberry Enterprise Service | 10.0 |
Related Weaknesses (CWE)
References
- http://btsc.webapps.blackberry.com/btsc/viewdocument.do%3Bjsessionid=1C7CE691142
- http://secunia.com/advisories/55187Vendor Advisory
- http://btsc.webapps.blackberry.com/btsc/viewdocument.do%3Bjsessionid=1C7CE691142
- http://secunia.com/advisories/55187Vendor Advisory
FAQ
What is CVE-2013-3693?
CVE-2013-3693 is a vulnerability with a CVSS score of 7.9 (HIGH). The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows...
How severe is CVE-2013-3693?
CVE-2013-3693 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3693?
Check the references section above for vendor advisories and patch information. Affected products include: Blackberry Blackberry Enterprise Service.