CVE-2013-3693

Published: Oct 11, 2013Modified: Apr 29, 2026

7.9

Vector

AV:A/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 5.5 / Impact: 10.0

Source: NVD

Description

The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098.

Affected (3)

Products: Blackberry: Blackberry Enterprise Service

Blackberry

1 product

Blackberry Enterprise Service

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Blackberry Blackberry Enterprise Service	Version 10.0
Blackberry Blackberry Enterprise Service	Version 10.1.0
Blackberry Blackberry Enterprise Service	Version 10.1.2

Related CWEs

CWE-264

References (4)

http://btsc.webapps.blackberry.com/btsc/viewdocument.do%3Bjsessionid=1C7CE6911426BCFAF2A80C3834F4DF0F?externalId=KB35139&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl

Source: cve@mitre.org

http://secunia.com/advisories/55187

Source: cve@mitre.org

Vendor Advisory

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/55187

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.