CVE-2015-4112 — MEDIUM (4.3)

Vulnerability Description

The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Blackberry	Enterprise Server	12.0

Related Weaknesses (CWE)

CWE-254

References

http://www.blackberry.com/btsc/KB37573Vendor Advisory
http://www.securitytracker.com/id/1034154
http://www.blackberry.com/btsc/KB37573Vendor Advisory
http://www.securitytracker.com/id/1034154

FAQ

What is CVE-2015-4112?

CVE-2015-4112 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks...

How severe is CVE-2015-4112?

CVE-2015-4112 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-4112?

Check the references section above for vendor advisories and patch information. Affected products include: Blackberry Enterprise Server.