RIM this week released a security advisory to address a vulnerability in the BlackBerry Administration API included in the BlackBerry Enterprise Server that may allow an attacker with user permissions granted to the BlackBerry Administration API to disclose sensitive information or cause a denial-of-service condition.
BlackBerry Enterprise Server administrators are encouraged to review the BlackBerry security advisory KB27258 and apply any necessary updates to help mitigate the risks.
The BlackBerry Administration API is a BlackBerry Enterprise Server component that is installed on the server that hosts the BlackBerry Administration Service. The BlackBerry Administration API contains multiple web services that receive API requests from client applications. The BlackBerry Administration API then translates requests into a format that the BlackBerry Administration Service can process.
This issue affects the BlackBerry® Administration Application Programming Interface (API) component within the BlackBerry Administration Service component of the following software versions:
• BlackBerry® Enterprise Server version 5.0.0 for Microsoft Exchange, IBM Lotus Domino and Novell GroupWise (with the BlackBerry® Administration API component installed as an option only)
• BlackBerry® Enterprise Server Express 5.0.0 for Microsoft Exchange and IBM Lotus Domino (with the BlackBerry® Administration API component installed as an option only)
• BlackBerry® Enterprise Server Express versions 5.0.1, 5.0.2 and 5.0.3 for Microsoft Exchange
• BlackBerry® Enterprise Server Express versions 5.0.2 and 5.0.3 for IBM Lotus Domino
• BlackBerry® Enterprise Server versions 5.0.1, 5.0.2 and 5.0.3 for Microsoft Exchange and IBM Lotus Domino
• BlackBerry® Enterprise Server version 5.0.1 for GroupWise
Updates from RIM are available here:
https://swdownloads.blackberry.com/Downloads/entry.do?code=7B66B4FD401A271A1C7224027CE111BC
BlackBerry smartphones and BlackBerry Device Software are NOT affected.
