SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   BlackBerry Enterprise Server Vendors:   Research In Motion Limited
BlackBerry Enterprise Server Collaboration Service Bug Lets Remote Users Impersonate Intra-organization Messages
SecurityTracker Alert ID:  1026179
SecurityTracker URL:  http://securitytracker.com/id/1026179
CVE Reference:   CVE-2011-0290   (Links to External Site)
Date:  Oct 12 2011
Impact:   Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): for Exchange and Domino 5.0.3 through 5.0.3 MR4
Description:   A vulnerability was reported in BlackBerry Enterprise Server. A remote user can impersonate another messaging user within the same organization.

A remote user can exploit a flaw in the BlackBerry Collaboration Service component to login to the BlackBerry Collaboration Service as another BlackBerry Collaboration Service user within the same organization. The user can send messages acting as the target user.

The following versions are affected:

BlackBerry Enterprise Server for Microsoft Exchange versions 5.0.3 through 5.0.3 MR4

BlackBerry Enterprise Server for IBM Lotus Domino versions 5.0.3 through 5.0.3 MR4

Impact:   A remote messaging user can impersonate another messaging user within the same organization.
Solution:   The vendor has issued a fix (Interim Security Updated).

The vendor's advisory is available at:

http://www.blackberry.com/btsc/KB28524

Vendor URL:  www.blackberry.com/btsc/KB28524 (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (2000), Windows (2003), Windows (2008)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC