Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

RIM Releases Security Advisory for Administration API Vulnerability

RIM this week released a security advisory to address a vulnerability in the BlackBerry Administration API included in the BlackBerry Enterprise Server that may allow an attacker with user permissions granted to the BlackBerry Administration API to disclose sensitive information or cause a denial-of-service condition.

RIM this week released a security advisory to address a vulnerability in the BlackBerry Administration API included in the BlackBerry Enterprise Server that may allow an attacker with user permissions granted to the BlackBerry Administration API to disclose sensitive information or cause a denial-of-service condition.

BlackBerry Enterprise Server administrators are encouraged to review the BlackBerry security advisory KB27258 and apply any necessary updates to help mitigate the risks.

The BlackBerry Administration API is a BlackBerry Enterprise Server component that is installed on the server that hosts the BlackBerry Administration Service. The BlackBerry Administration API contains multiple web services that receive API requests from client applications. The BlackBerry Administration API then translates requests into a format that the BlackBerry Administration Service can process.

This issue affects the BlackBerry® Administration Application Programming Interface (API) component within the BlackBerry Administration Service component of the following software versions:

• BlackBerry® Enterprise Server version 5.0.0 for Microsoft Exchange, IBM Lotus Domino and Novell GroupWise (with the BlackBerry® Administration API component installed as an option only)

• BlackBerry® Enterprise Server Express 5.0.0 for Microsoft Exchange and IBM Lotus Domino (with the BlackBerry® Administration API component installed as an option only)

• BlackBerry® Enterprise Server Express versions 5.0.1, 5.0.2 and 5.0.3 for Microsoft Exchange

• BlackBerry® Enterprise Server Express versions 5.0.2 and 5.0.3 for IBM Lotus Domino

• BlackBerry® Enterprise Server versions 5.0.1, 5.0.2 and 5.0.3 for Microsoft Exchange and IBM Lotus Domino

• BlackBerry® Enterprise Server versions 5.0.1 for GroupWise

Updates form RIM are available here:

https://swdownloads.blackberry.com/Downloads/entry.do?code=7B66B4FD401A271A1C7224027CE111BC

BlackBerry smartphones and BlackBerry Device Software are NOT affected

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

A high-severity format string vulnerability in F5 BIG-IP can be exploited to cause a DoS condition and potentially execute arbitrary code.