CVE-2016-3127 - OpenCVE

An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Blackberry	Good Control Server

Configuration 1 [-]

cpe:2.3:a:blackberry:good_control_server:*:*:*:*:*:*:*:*

References

Link	Resource
http://support.blackberry.com/kb/articleDetail?articleNumber=000038301	Vendor Advisory
http://www.securityfocus.com/bid/96629	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: blackberry

Published: 2017-03-03T18:00:00

Updated: 2017-03-08T10:57:01

Reserved: 2016-03-11T00:00:00

Link: CVE-2016-3127

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-03-03T18:59:00.193

Modified: 2017-03-09T18:58:30.497

Link: CVE-2016-3127

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "BlackBerry Good Control Server versions earlier than 2.3.53.62", "vendor": "n/a", "versions": [{"status": "affected", "version": "BlackBerry Good Control Server versions earlier than 2.3.53.62"}]}], "datePublic": "2017-03-03T00:00:00", "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server."}], "problemTypes": [{"descriptions": [{"description": "information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-08T10:57:01", "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry"}, "references": [{"name": "96629", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96629"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038301"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@blackberry.com", "ID": "CVE-2016-3127", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BlackBerry Good Control Server versions earlier than 2.3.53.62", "version": {"version_data": [{"version_value": "BlackBerry Good Control Server versions earlier than 2.3.53.62"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "information disclosure"}]}]}, "references": {"reference_data": [{"name": "96629", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96629"}, {"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038301", "refsource": "CONFIRM", "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038301"}]}}}}, "cveMetadata": {"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "assignerShortName": "blackberry", "cveId": "CVE-2016-3127", "datePublished": "2017-03-03T18:00:00", "dateReserved": "2016-03-11T00:00:00", "dateUpdated": "2017-03-08T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:good_control_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FCB51F8-A854-41D6-8F6F-AD197C8A3A6D", "versionEndIncluding": "2.2.511.26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server."}, {"lang": "es", "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la implementaci\u00f3n de inicio de sesi\u00f3n de BlackBerry Good Control Server en versiones anteriores a 2.3.53.62 permite a atacantes remotos obtener y utilizar claves de cifrado registradas para acceder a ciertos recursos dentro de la implementaci\u00f3n Good de un cliente obteniendo acceso a ciertos archivos de registro de diagn\u00f3stico a trav\u00e9s de un inicio de sesi\u00f3n v\u00e1lido o un comprometimiento no relacionado del servidor."}], "id": "CVE-2016-3127", "lastModified": "2017-03-09T18:58:30.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-03T18:59:00.193", "references": [{"source": "secure@blackberry.com", "tags": ["Vendor Advisory"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038301"}, {"source": "secure@blackberry.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96629"}], "sourceIdentifier": "secure@blackberry.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}