Vulnerability Description
An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Blackberry | Good Control Server | <= 2.2.511.26 |
Related Weaknesses (CWE)
References
- http://support.blackberry.com/kb/articleDetail?articleNumber=000038301Vendor Advisory
- http://www.securityfocus.com/bid/96629Third Party AdvisoryVDB Entry
- http://support.blackberry.com/kb/articleDetail?articleNumber=000038301Vendor Advisory
- http://www.securityfocus.com/bid/96629Third Party AdvisoryVDB Entry
FAQ
What is CVE-2016-3127?
CVE-2016-3127 is a vulnerability with a CVSS score of 7.5 (HIGH). An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys t...
How severe is CVE-2016-3127?
CVE-2016-3127 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-3127?
Check the references section above for vendor advisories and patch information. Affected products include: Blackberry Good Control Server.