CVE-2011-0290 - OpenCVE

The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Rim	Blackberry Enterprise Server
Lotus	Domino
Microsoft	Exchange Server

Configuration 1 [-]

AND

cpe:2.3:a:rim:blackberry_enterprise_server:5.0.3:*:*:*:*:*:*:*

OR	cpe:2.3:a:lotus:domino::::::::
	cpe:2.3:a:microsoft:exchange_server::::::::

References

Link	Resource
http://secunia.com/advisories/46370	Vendor Advisory
http://securitytracker.com/id?1026179
http://www.blackberry.com/btsc/KB28524	Exploit Vendor Advisory
http://www.osvdb.org/76286
http://www.securityfocus.com/bid/50064
https://exchange.xforce.ibmcloud.com/vulnerabilities/70519

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2011-10-21T10:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2011-01-06T00:00:00

Link: CVE-2011-0290

JSON object: View

NVD Information

Status : Modified

Published: 2011-10-21T10:55:03.757

Modified: 2017-08-17T01:33:26.337

Link: CVE-2011-0290

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-10-11T00:00:00", "descriptions": [{"lang": "en", "value": "The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "46370", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46370"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.blackberry.com/btsc/KB28524"}, {"name": "50064", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/50064"}, {"name": "1026179", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1026179"}, {"name": "76286", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/76286"}, {"name": "bes-collaboration-service-spoofing(70519)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70519"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0290", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "46370", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46370"}, {"name": "http://www.blackberry.com/btsc/KB28524", "refsource": "CONFIRM", "url": "http://www.blackberry.com/btsc/KB28524"}, {"name": "50064", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50064"}, {"name": "1026179", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1026179"}, {"name": "76286", "refsource": "OSVDB", "url": "http://www.osvdb.org/76286"}, {"name": "bes-collaboration-service-spoofing(70519)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70519"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0290", "datePublished": "2011-10-21T10:00:00", "dateReserved": "2011-01-06T00:00:00", "dateUpdated": "2017-08-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rim:blackberry_enterprise_server:5.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "11FF9320-7C94-4700-81A8-E7D7694EB97D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:lotus:domino:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB1DDF69-2820-4ADA-BB83-1E9704AF3CC6", "vulnerable": false}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "261FB692-DD0F-494F-A25A-AFCC00BE4585", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors."}, {"lang": "es", "value": "BlackBerry Collaboration Service en Research In Motion (RIM) BlackBerry Enterprise Server (BES) v5.0.3 a trav\u00e9s de MR4 para Microsoft Exchange y Lotus Domino permite, a usuarios remotos autenticados, a acceder a cuentas de usuario de su elecci\u00f3n asociados con la misma organizaci\u00f3n, y enviar mensajes, leer los mensajes, leer las listas de contactos o causar una denegaci\u00f3n de servicio (indisponibilidad de inicio de sesi\u00f3n), a trav\u00e9s de vectores no especificados."}], "id": "CVE-2011-0290", "lastModified": "2017-08-17T01:33:26.337", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-10-21T10:55:03.757", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/46370"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1026179"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.blackberry.com/btsc/KB28524"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/76286"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/50064"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70519"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}