Vulnerability Description
A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Blackberry | Appliance-X | <= 1.8.1 |
| Blackberry | Workspaces Vapp | 4.6.0 |
Related Weaknesses (CWE)
References
- http://support.blackberry.com/kb/articleDetail?articleNumber=000038915Vendor Advisory
- http://www.securityfocus.com/bid/95442Third Party AdvisoryVDB Entry
- http://support.blackberry.com/kb/articleDetail?articleNumber=000038915Vendor Advisory
- http://www.securityfocus.com/bid/95442Third Party AdvisoryVDB Entry
FAQ
What is CVE-2017-3890?
CVE-2017-3890 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execut...
How severe is CVE-2017-3890?
CVE-2017-3890 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-3890?
Check the references section above for vendor advisories and patch information. Affected products include: Blackberry Appliance-X, Blackberry Workspaces Vapp.