CVE-2016-3127 - OpenCVE

An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Blackberry	Good Control Server

Configuration 1 [-]

cpe:2.3:a:blackberry:good_control_server:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://support.blackberry.com/kb/articleDetail?articleNumber=000038301
http://www.securityfocus.com/bid/96629

History

No history.

MITRE

Status: PUBLISHED

Assigner: blackberry

Published: 2017-03-03T18:00:00

Updated: 2024-08-05T23:47:57.391Z

Reserved: 2016-03-11T00:00:00

Link: CVE-2016-3127

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-03-03T18:59:00.193

Modified: 2017-03-09T18:58:30.497

Link: CVE-2016-3127

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "BlackBerry Good Control Server versions earlier than 2.3.53.62", "vendor": "n/a", "versions": [{"status": "affected", "version": "BlackBerry Good Control Server versions earlier than 2.3.53.62"}]}], "datePublic": "2017-03-03T00:00:00", "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server."}], "problemTypes": [{"descriptions": [{"description": "information disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-08T10:57:01", "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry"}, "references": [{"name": "96629", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96629"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038301"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@blackberry.com", "ID": "CVE-2016-3127", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BlackBerry Good Control Server versions earlier than 2.3.53.62", "version": {"version_data": [{"version_value": "BlackBerry Good Control Server versions earlier than 2.3.53.62"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "information disclosure"}]}]}, "references": {"reference_data": [{"name": "96629", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96629"}, {"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038301", "refsource": "CONFIRM", "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038301"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:47:57.391Z"}, "title": "CVE Program Container", "references": [{"name": "96629", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/96629"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038301"}]}]}, "cveMetadata": {"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "assignerShortName": "blackberry", "cveId": "CVE-2016-3127", "datePublished": "2017-03-03T18:00:00", "dateReserved": "2016-03-11T00:00:00", "dateUpdated": "2024-08-05T23:47:57.391Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:good_control_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FCB51F8-A854-41D6-8F6F-AD197C8A3A6D", "versionEndIncluding": "2.2.511.26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server."}, {"lang": "es", "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la implementaci\u00f3n de inicio de sesi\u00f3n de BlackBerry Good Control Server en versiones anteriores a 2.3.53.62 permite a atacantes remotos obtener y utilizar claves de cifrado registradas para acceder a ciertos recursos dentro de la implementaci\u00f3n Good de un cliente obteniendo acceso a ciertos archivos de registro de diagn\u00f3stico a trav\u00e9s de un inicio de sesi\u00f3n v\u00e1lido o un comprometimiento no relacionado del servidor."}], "id": "CVE-2016-3127", "lastModified": "2017-03-09T18:58:30.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-03T18:59:00.193", "references": [{"source": "secure@blackberry.com", "tags": ["Vendor Advisory"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038301"}, {"source": "secure@blackberry.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96629"}], "sourceIdentifier": "secure@blackberry.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}