CVE-2017-9368

moderate-risk
Published 2017-10-16

An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files.

Do I need to act?

-
0.29% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (18)

Workspaces Vapp
Workspaces Vapp
Workspaces Vapp
Workspaces Vapp
Workspaces Vapp
Workspaces Vapp
Workspaces Vapp
Workspaces Vapp
Workspaces Vapp
Workspaces Vapp
Workspaces Vapp
Workspaces Vapp
Workspaces Vapp
Workspaces Vapp
Workspaces Vapp
Workspaces Vapp
Workspaces Vapp
Workspaces Appliance-X

Affected Vendors

Blackberry

References (4)

Vendor Advisory http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=0000...
Third Party Advisory http://www.securityfocus.com/bid/96542
Vendor Advisory http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=0000...
Third Party Advisory http://www.securityfocus.com/bid/96542
46
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 19/34 · Moderate