Vulnerability Description
In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Blackberry | Unified Endpoint Manager | <= 12.7.1 |
Related Weaknesses (CWE)
References
- http://support.blackberry.com/kb/articleDetail?articleNumber=000047227Broken Link
- https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000Vendor Advisory
- http://support.blackberry.com/kb/articleDetail?articleNumber=000047227Broken Link
FAQ
What is CVE-2017-17442?
CVE-2017-17442 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected U...
How severe is CVE-2017-17442?
CVE-2017-17442 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-17442?
Check the references section above for vendor advisories and patch information. Affected products include: Blackberry Unified Endpoint Manager.