CVE-2017-9367

high-risk

Published 2017-10-16

A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request.

Do I need to act?

-

0.62% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

9

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (18)

Workspaces Vapp

Workspaces Vapp

Workspaces Vapp

Workspaces Vapp

Workspaces Vapp

Workspaces Vapp

Workspaces Vapp

Workspaces Vapp

Workspaces Vapp

Workspaces Vapp

Workspaces Vapp

Workspaces Vapp

Workspaces Vapp

Workspaces Vapp

Workspaces Vapp

Workspaces Vapp

Workspaces Vapp

Workspaces Appliance-X

Affected Vendors

Blackberry

References (2)

Vendor Advisory http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=0000...

Vendor Advisory http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=0000...

53

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 2/34 · Minimal

Exposure 19/34 · Moderate