CVE-2011-0290

The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/50064
http://www.osvdb.org/76286
http://www.blackberry.com/btsc/KB28524	Exploit Vendor Advisory
http://secunia.com/advisories/46370	Vendor Advisory
http://securitytracker.com/id?1026179
https://exchange.xforce.ibmcloud.com/vulnerabilities/70519

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:rim:blackberry_enterprise_server:5.0.3:*:*:*:*:*:*:*

OR	cpe:2.3:a:microsoft:exchange_server::::::::
	cpe:2.3:a:lotus:domino::::::::

Information

Published : 2011-10-21 03:55

Updated : 2017-08-16 18:33

NVD link : CVE-2011-0290

Mitre link : CVE-2011-0290

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

rim

blackberry_enterprise_server

lotus

domino

microsoft

exchange_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/50064", "name": "50064", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/76286", "name": "76286", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.blackberry.com/btsc/KB28524", "name": "http://www.blackberry.com/btsc/KB28524", "tags": ["Exploit", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/46370", "name": "46370", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1026179", "name": "1026179", "tags": [], "refsource": "SECTRACK"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70519", "name": "bes-collaboration-service-spoofing(70519)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-0290", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-10-21T10:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:rim:blackberry_enterprise_server:5.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:lotus:domino:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:33Z"}