BlackBerry Enterprise Server Collaboration Service Bug Lets Remote Users Impersonate Intra-organization Messages
SecurityTracker Alert ID: 1026179
SecurityTracker URL: http://securitytracker.com/id/1026179
CVE Reference: CVE-2011-0290
Date: Oct 12 2011
Impact:
Modification of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 5.0.3 through 5.0.3 MR4 for Exchange and Domino
Description:
A vulnerability was reported in BlackBerry Enterprise Server. A remote user can impersonate another messaging user within the same organization.
A remote user can exploit a flaw in the BlackBerry Collaboration Service component to log in to the BlackBerry Collaboration Service as another BlackBerry Collaboration Service user within the same organization. The user can then send messages as the target user.
The following versions are affected:
BlackBerry Enterprise Server for Microsoft Exchange versions 5.0.3 through 5.0.3 MR4
BlackBerry Enterprise Server for IBM Lotus Domino versions 5.0.3 through 5.0.3 MR4
Impact:
A remote messaging user can impersonate another messaging user within the same organization.
Solution:
The vendor has issued a fix (Interim Security Update).
The vendor's advisory is available at:
http://www.blackberry.com/btsc/KB28524
Vendor URL: www.blackberry.com/btsc/KB28524
Cause:
Access control error
Underlying OS:
Windows (2000), Windows (2003), Windows (2008)
Message History:
None.
Source Message Contents
Date: Wed, 12 Oct 2011 21:46:18 +0000
Subject: BlackBerry Enterprise Server
http://www.blackberry.com/btsc/KB28524
CVE-2011-0290