Details of VAR-201612-0175

ID

VAR-201612-0175

CVE

CVE-2016-3129

TITLE

BlackBerry Good Enterprise Mobility Server of Apache Karaf Implemented in command shell GEMS In GEMS Vulnerability to obtain local administrator privileges on the server

Trust: 0.8

sources: JVNDB: JVNDB-2016-006473

DESCRIPTION

A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote attackers to obtain local administrator rights on the GEMS server via commands executed on the Karaf command shell. BlackBerryGoodEnterpriseMobilityServer (GEMS) is an enterprise-class mobile server from Canada's BlackBerry. There is a security vulnerability in ApacheKaraf from BlackBerryGEMS version 2.1.5.3 to 2.2.22.25. BlackBerry Good Enterprise Mobility Server is prone to a remote arbitrary command-execution vulnerability because it fails to sanitize user-supplied input

Trust: 2.43

sources: NVD: CVE-2016-3129 // JVNDB: JVNDB-2016-006473 // CNVD: CNVD-2016-13021 // BID: 94959

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-13021

AFFECTED PRODUCTS

vendor:	blackberry	model:	good enterprise mobility server	scope:	lte	version:	2.2.22.25	Trust: 1.0
vendor:	blackberry	model:	good enterprise mobility server	scope:	eq	version:	2.2.22.25	Trust: 0.9
vendor:	blackberry	model:	good enterprise mobility server	scope:	eq	version:	2.1.5.3 to 2.2.22.25	Trust: 0.8
vendor:	blackberry	model:	good enterprise mobility server	scope:	gte	version:	2.1.5.3<=2.2.22.25	Trust: 0.6
vendor:	blackberry	model:	good enterprise mobility server	scope:	eq	version:	2.1.5.3	Trust: 0.3

sources: CNVD: CNVD-2016-13021 // BID: 94959 // JVNDB: JVNDB-2016-006473 // CNNVD: CNNVD-201612-572 // NVD: CVE-2016-3129

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-3129
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-3129
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-13021
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201612-572
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2016-3129
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-13021
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2016-3129
baseSeverity:	MEDIUM
baseScore:	6.6
vectorString:	CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.7
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-13021 // JVNDB: JVNDB-2016-006473 // CNNVD: CNNVD-201612-572 // NVD: CVE-2016-3129

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2016-3129

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-572

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201612-572

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006473

PATCH

title:	BSRT-2016-008 Remote shell execution vulnerability affects Good Enterprise Mobility Server	url:	http://support.blackberry.com/kb/articleDetail?articleNumber=000038814&language=None	Trust: 0.8
title:	BlackBerryGoodEnterpriseMobilityServer arbitrary command execution vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/86651	Trust: 0.6
title:	BlackBerry Good Enterprise Mobility Server Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66599	Trust: 0.6

sources: CNVD: CNVD-2016-13021 // JVNDB: JVNDB-2016-006473 // CNNVD: CNNVD-201612-572

EXTERNAL IDS

db:	NVD	id:	CVE-2016-3129	Trust: 3.3
db:	BID	id:	94959	Trust: 1.9
db:	JVNDB	id:	JVNDB-2016-006473	Trust: 0.8
db:	CNVD	id:	CNVD-2016-13021	Trust: 0.6
db:	CNNVD	id:	CNNVD-201612-572	Trust: 0.6

sources: CNVD: CNVD-2016-13021 // BID: 94959 // JVNDB: JVNDB-2016-006473 // CNNVD: CNNVD-201612-572 // NVD: CVE-2016-3129

REFERENCES

url:	http://support.blackberry.com/kb/articledetail?articlenumber=000038814&language=none	Trust: 1.9
url:	http://www.securityfocus.com/bid/94959	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3129	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3129	Trust: 0.8
url:	http://support.blackberry.com/kb/articledetail?articlenumber=000038814&amp;language=none	Trust: 0.6
url:	http://us.blackberry.com/	Trust: 0.3

sources: CNVD: CNVD-2016-13021 // BID: 94959 // JVNDB: JVNDB-2016-006473 // CNNVD: CNNVD-201612-572 // NVD: CVE-2016-3129

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 94959

SOURCES

db:	CNVD	id:	CNVD-2016-13021
db:	BID	id:	94959
db:	JVNDB	id:	JVNDB-2016-006473
db:	CNNVD	id:	CNNVD-201612-572
db:	NVD	id:	CVE-2016-3129

LAST UPDATE DATE

2025-04-12T23:34:57.891000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-13021	date:	2016-12-26T00:00:00
db:	BID	id:	94959	date:	2016-12-20T00:12:00
db:	JVNDB	id:	JVNDB-2016-006473	date:	2017-01-04T00:00:00
db:	CNNVD	id:	CNNVD-201612-572	date:	2016-12-19T00:00:00
db:	NVD	id:	CVE-2016-3129	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-13021	date:	2016-12-26T00:00:00
db:	BID	id:	94959	date:	2016-12-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-006473	date:	2017-01-04T00:00:00
db:	CNNVD	id:	CNNVD-201612-572	date:	2016-12-19T00:00:00
db:	NVD	id:	CVE-2016-3129	date:	2016-12-16T09:59:00.200