CVE-2017-3890 - Vulnerability Details - OpenCVE

A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Blackberry	Appliance-x Workspaces Vapp

Configuration 1 [-]

cpe:2.3:a:blackberry:appliance-x:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:blackberry:workspaces_vapp:4.6.0:::::::*
	cpe:2.3:a:blackberry:workspaces_vapp:5.4.1:::::::*

No data.

References

Link	Providers
http://support.blackberry.com/kb/articleDetail?articleNumber=000038915
http://www.securityfocus.com/bid/95442

History

No history.

MITRE

Status: PUBLISHED

Assigner: blackberry

Published: 2017-01-13T09:00:00

Updated: 2024-08-05T14:39:41.373Z

Reserved: 2016-12-21T00:00:00

Link: CVE-2017-3890

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-01-13T09:59:00.497

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-3890

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "BlackBerry WatchDox Server", "vendor": "n/a", "versions": [{"status": "affected", "version": "BlackBerry WatchDox Server"}]}], "datePublic": "2017-01-13T00:00:00", "descriptions": [{"lang": "en", "value": "A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link."}], "problemTypes": [{"descriptions": [{"description": "cross-site scripting", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-17T10:57:01", "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry"}, "references": [{"name": "95442", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95442"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038915"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@blackberry.com", "ID": "CVE-2017-3890", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BlackBerry WatchDox Server", "version": {"version_data": [{"version_value": "BlackBerry WatchDox Server"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "cross-site scripting"}]}]}, "references": {"reference_data": [{"name": "95442", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95442"}, {"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038915", "refsource": "CONFIRM", "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038915"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:39:41.373Z"}, "title": "CVE Program Container", "references": [{"name": "95442", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/95442"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038915"}]}]}, "cveMetadata": {"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "assignerShortName": "blackberry", "cveId": "CVE-2017-3890", "datePublished": "2017-01-13T09:00:00", "dateReserved": "2016-12-21T00:00:00", "dateUpdated": "2024-08-05T14:39:41.373Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:appliance-x:*:*:*:*:*:*:*:*", "matchCriteriaId": "ADC9816C-3AF1-416C-BC8A-63BFCC67A57D", "versionEndIncluding": "1.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3A603A1-4BB1-469C-8DB1-75D62189655E", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D46EFB9-56E8-4CB2-B0D5-82A1DF6530D0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link."}, {"lang": "es", "value": "Una vulnerabilidad de secuencias de comandos en sitios cruzados reflejada en los componentes de BlackBerry WatchDox Server Appliance-X versi\u00f3n 1.8.1 y anteriores y vAPP versiones 4.6.0 hasta 5.4.1, permite a atacantes remotos ejecutar secuencias de comandos en el contexto del navegador afectado persuadiendo a un usuario a hacer clic en un enlace malicioso proporcionado por el atacante."}], "id": "CVE-2017-3890", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-13T09:59:00.497", "references": [{"source": "secure@blackberry.com", "tags": ["Vendor Advisory"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038915"}, {"source": "secure@blackberry.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95442"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038915"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95442"}], "sourceIdentifier": "secure@blackberry.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}