CVE-2018-8892

Published: Dec 20, 2018Modified: Jun 17, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator.

Affected (1)

Products: Blackberry: Unified Endpoint Manager

Blackberry

1 product

Unified Endpoint Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Blackberry Unified Endpoint Manager	Before 12.9.1

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

http://support.blackberry.com/kb/articleDetail?articleNumber=000054162

Source: secure@blackberry.com

MitigationVendor Advisory

http://support.blackberry.com/kb/articleDetail?articleNumber=000054162

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.