ID

VAR-201710-1334


CVE

CVE-2017-9368


TITLE

BlackBerry Workspaces Server Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-009499

DESCRIPTION

An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files. xComfort Ethernet Communication Interface (ECI) is a building automation system. An information disclosure vulnerability exists in Eaton xComfort Ethernet Communication Interface (ECI) version 1.07 and earlier, which allows unauthenticated remote attackers to access backup files and system logs. Eaton xComfort Ethernet Communication Interface is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. Eaton xComfort Ethernet Communication Interface 1.07 and prior versions are vulnerable.

Trust: 2.43

sources: NVD: CVE-2017-9368 // JVNDB: JVNDB-2017-009499 // CNVD: CNVD-2017-02369 // BID: 96542

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-02369

AFFECTED PRODUCTS

vendor: blackberry, model: workspaces vapp, scope: eq, version: 5.5.3

Trust: 1.6

vendor: blackberry, model: workspaces vapp, scope: eq, version: 5.5.0

Trust: 1.6

vendor: blackberry, model: workspaces vapp, scope: eq, version: 5.5.6

Trust: 1.6

vendor: blackberry, model: workspaces vapp, scope: eq, version: 5.5.2

Trust: 1.6

vendor: blackberry, model: workspaces vapp, scope: eq, version: 5.5.4

Trust: 1.6

vendor: blackberry, model: workspaces vapp, scope: eq, version: 5.5.1

Trust: 1.6

vendor: blackberry, model: workspaces vapp, scope: eq, version: 5.5.5

Trust: 1.6

vendor: blackberry, model: workspaces vapp, scope: eq, version: 5.5.8

Trust: 1.6

vendor: blackberry, model: workspaces vapp, scope: eq, version: 5.5.9

Trust: 1.6

vendor: blackberry, model: workspaces vapp, scope: eq, version: 5.5.7

Trust: 1.6

vendor: blackberry, model: workspaces vapp, scope: eq, version: 5.6.2

Trust: 1.0

vendor: blackberry, model: workspaces vapp, scope: eq, version: 5.6.0

Trust: 1.0

vendor: blackberry, model: workspaces vapp, scope: eq, version: 5.6.3

Trust: 1.0

vendor: blackberry, model: workspaces vapp, scope: eq, version: 5.6.4

Trust: 1.0

vendor: blackberry, model: workspaces vapp, scope: eq, version: 5.6.6

Trust: 1.0

vendor: blackberry, model: workspaces vapp, scope: eq, version: 5.6.1

Trust: 1.0

vendor: blackberry, model: workspaces vapp, scope: eq, version: 5.6.5

Trust: 1.0

vendor: blackberry, model: workspaces appliance-x, scope: lte, version: 1.11.2

Trust: 1.0

vendor: blackberry, model: appliance-x, scope: -, version: -

Trust: 0.8

vendor: blackberry, model: vapp, scope: -, version: -

Trust: 0.8

vendor: eaton, model: xcomfort ethernet communication interface, scope: lte, version: <=1.07

Trust: 0.6

vendor: eaton, model: xcomfort eci, scope: eq, version: 1.07

Trust: 0.3

sources: CNVD: CNVD-2017-02369 // BID: 96542 // JVNDB: JVNDB-2017-009499 // CNNVD: CNNVD-201703-089 // NVD: CVE-2017-9368

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-9368
value: HIGH

Trust: 1.0

NVD: CVE-2017-9368
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-02369
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201703-089
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2017-9368
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-02369
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2017-9368
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-02369 // JVNDB: JVNDB-2017-009499 // CNNVD: CNNVD-201703-089 // NVD: CVE-2017-9368

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-009499 // NVD: CVE-2017-9368

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-089

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201703-089

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009499

PATCH

title: BSRT-2017-006 Vulnerabilities in Workspaces Server components impact BlackBerry Workspaces, url: http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696

Trust: 0.8

title: Eaton xComfort Ethernet Communication Interface (ECI) Patch for Information Disclosure Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/89970

Trust: 0.6

title: Eaton xComfort ECI Fixes for access control error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=67987

Trust: 0.6

sources: CNVD: CNVD-2017-02369 // JVNDB: JVNDB-2017-009499 // CNNVD: CNNVD-201703-089

EXTERNAL IDS

db: NVD, id: CVE-2017-9368

Trust: 3.3

db: BID, id: 96542

Trust: 1.9

db: ICS CERT, id: ICSA-17-061-01

Trust: 1.5

db: JVNDB, id: JVNDB-2017-009499

Trust: 0.8

db: CNVD, id: CNVD-2017-02369

Trust: 0.6

db: CNNVD, id: CNNVD-201703-089

Trust: 0.6

sources: CNVD: CNVD-2017-02369 // BID: 96542 // JVNDB: JVNDB-2017-009499 // CNNVD: CNNVD-201703-089 // NVD: CVE-2017-9368

REFERENCES

url:http://support.blackberry.com/kb/articledetail?language=en_us&articlenumber=000045696

Trust: 1.6

url:https://ics-cert.us-cert.gov/advisories/icsa-17-061-01

Trust: 1.5

url:http://www.securityfocus.com/bid/96542

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9368

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-9368

Trust: 0.8

url:http://www.securityfocus.com/bid/96542/

Trust: 0.6

url:http://www.eaton.eu/europe/index.htm

Trust: 0.3

sources: CNVD: CNVD-2017-02369 // BID: 96542 // JVNDB: JVNDB-2017-009499 // CNNVD: CNNVD-201703-089 // NVD: CVE-2017-9368

CREDITS

Maxim Rupp.

Trust: 0.3

sources: BID: 96542

SOURCES

db: CNVD, id: CNVD-2017-02369
db: BID, id: 96542
db: JVNDB, id: JVNDB-2017-009499
db: CNNVD, id: CNNVD-201703-089
db: NVD, id: CVE-2017-9368

LAST UPDATE DATE

2025-04-20T23:40:11.073000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-02369, date: 2017-03-20T00:00:00
db: BID, id: 96542, date: 2017-03-07T01:09:00
db: JVNDB, id: JVNDB-2017-009499, date: 2017-11-14T00:00:00
db: CNNVD, id: CNNVD-201703-089, date: 2017-10-19T00:00:00
db: NVD, id: CVE-2017-9368, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-02369, date: 2017-03-04T00:00:00
db: BID, id: 96542, date: 2017-03-02T00:00:00
db: JVNDB, id: JVNDB-2017-009499, date: 2017-11-14T00:00:00
db: CNNVD, id: CNNVD-201703-089, date: 2017-03-07T00:00:00
db: NVD, id: CVE-2017-9368, date: 2017-10-16T21:29:00.307