CVE-2013-3693

{"id": "CVE-2013-3693", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.9, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-11T22:55:36.267", "references": [{"url": "http://btsc.webapps.blackberry.com/btsc/viewdocument.do%3Bjsessionid=1C7CE6911426BCFAF2A80C3834F4DF0F?externalId=KB35139&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/55187", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098."}, {"lang": "es", "value": "El BlackBerry Universal Device Service en BlackBerry Enterprise Service (BES) 10.0 hasta 10.1.2 no restringe adecuadamente el interface JBoss Remote method Invocation (RMI), lo que permite a atacantes remotos subir y ejecutar paquetes de forma arbitraria a trav\u00e9s de una petici\u00f3n a puerto 1098."}], "lastModified": "2023-11-07T02:16:00.787", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:blackberry_enterprise_service:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA67ED1D-4044-49EE-A121-859BE0A1310E"}, {"criteria": "cpe:2.3:a:blackberry:blackberry_enterprise_service:10.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42436FB4-EB59-4C5D-83F1-24157DFDE49F"}, {"criteria": "cpe:2.3:a:blackberry:blackberry_enterprise_service:10.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA706838-BCB8-412C-BA77-A000B7D2CA8B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}