CVE-2017-9368 — Sensitive Information Exposure in Workspaces Appliance-x

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 47.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Blackberry Workspaces Appliance-x Blackberry Workspaces Server Blackberry Workspaces Vapp

Timeline

PublishedOct 16

Latest updateMay 17

Description

An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5blackberry/workspaces_serverBlackBerry Workspaces Server components Appliance-X 1.11.0 to 1.11.2, vApp versions 5.6.0 to 5.6.6, and vApp versions 5.5.9 and earlier

▶NVDblackberry/workspaces_appliance-x1.11.2

▶NVDblackberry/workspaces_vapp17 versions+16

🔴Vulnerability Details

GHSA

GHSA-v5j2-7w6j-265j: An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side↗2022-05-17

▶

CVEList

CVE-2017-9368: An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side↗2017-10-16

▶