The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of BlackBerry Enterprise Service: information disclosure via activity log files

Synthesis of the vulnerability 

An attacker can trigger an error with Enterprise Instant Messenger of BlackBerry Enterprise Service, in order to obtain sensitive information.
Vulnerable products: BES.
Severity of this weakness: 2/4.
Creation date: 14/08/2014.
References of this bulletin: BSRT-2014-007, CVE-2014-1469, VIGILANCE-VUL-15186.

Description of the vulnerability 

The BlackBerry Enterprise Service product offers an Instant Messaging function.

Access to this service requires the creation of a communication session and user authentication. However, in some cases, when an error occurs at the beginning or the end of a session, the server records in its activity logs the secrets used for communication encryption or user authentication.

An attacker who can read the activity log files can therefore get sensitive information.
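
The failure mode described above, shown as an added example that is not BlackBerry code: an error handler writes the session context to the log, first unfiltered and then through a redaction filter. The field names, logger name and sample values are assumptions constructed for illustration.

```python
import io
import logging
import re

# Assumed field names; a real service would list its own secret-bearing keys.
SENSITIVE_KEYS = ("password", "session_key", "auth_token")
_KV = re.compile(r"(?i)\b(%s)=\S+" % "|".join(SENSITIVE_KEYS))


class RedactSecrets(logging.Filter):
    """Mask secret values before a record reaches any handler."""

    def filter(self, record):
        # Render first so secrets passed as %-style arguments are covered too.
        message = record.getMessage()
        record.msg = _KV.sub(lambda m: m.group(1) + "=[REDACTED]", message)
        record.args = None
        return True


def session_error_line(context, redact):
    """Log a session-setup failure with its context; return the line written."""
    stream = io.StringIO()
    logger = logging.Logger("im.session")  # private logger, no global state
    logger.addHandler(logging.StreamHandler(stream))
    if redact:
        logger.addFilter(RedactSecrets())
    fields = " ".join("%s=%s" % item for item in context.items())
    logger.error("session open failed: %s", fields)
    return stream.getvalue().strip()


# Constructed session context, not taken from any real product log.
CONTEXT = {"user": "alice", "password": "hunter2", "session_key": "9f8e7d6c"}

if __name__ == "__main__":
    print(session_error_line(CONTEXT, redact=False))  # secrets reach the log
    print(session_error_line(CONTEXT, redact=True))   # secrets are masked
```

Redaction at the logger only limits what new log entries contain; secrets already written to existing log files remain readable to anyone with access to those files.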

This weakness note impacts software or systems such as BES.

Our Vigil@nce team determined that the severity of this threat note is medium.

The trust level is "confirmed by the editor", with an origin of "user shell".

An attacker with expert ability can exploit this computer weakness.

Solutions for this threat 

BlackBerry Enterprise Service: version 10.2.2.
Version 10.2.2 is fixed.

BlackBerry Enterprise Server: version 5.0.4 MR7.
Version 5.0.4 MR7 is fixed.
