CVE-2016-3127

{"id": "CVE-2016-3127", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-03-03T18:59:00.193", "references": [{"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038301", "tags": ["Vendor Advisory"], "source": "secure@blackberry.com"}, {"url": "http://www.securityfocus.com/bid/96629", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@blackberry.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server."}, {"lang": "es", "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la implementaci\u00f3n de inicio de sesi\u00f3n de BlackBerry Good Control Server en versiones anteriores a 2.3.53.62 permite a atacantes remotos obtener y utilizar claves de cifrado registradas para acceder a ciertos recursos dentro de la implementaci\u00f3n Good de un cliente obteniendo acceso a ciertos archivos de registro de diagn\u00f3stico a trav\u00e9s de un inicio de sesi\u00f3n v\u00e1lido o un comprometimiento no relacionado del servidor."}], "lastModified": "2017-03-09T18:58:30.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:good_control_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FCB51F8-A854-41D6-8F6F-AD197C8A3A6D", "versionEndIncluding": "2.2.511.26"}], "operator": "OR"}]}], "sourceIdentifier": "secure@blackberry.com"}