CVE-2015-4112

The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue.

Published: Nov 19, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-4112
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-254

Affected Software
References

Software	From	Fixed in
blackberry / enterprise_server	12.1	12.1.x
blackberry / enterprise_server	12.0	12.0.x

http://www.blackberry.com/btsc/KB37573
http://www.securitytracker.com/id/1034154

Vulnerability Database

289,599

CVE-2015-4112