Show plain JSON{"id": "CVE-2018-8891", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2018-12-20T20:29:00.433", "references": [{"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162", "tags": ["Mitigation", "Vendor Advisory"], "source": "secure@blackberry.com"}, {"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000054162", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades Cross-Site Scripting (XSS) persistente en la consola de gesti\u00f3n de BlackBerry UEM, en versiones anteriores a la 12.9.1, podr\u00edan permitir que un atacante almacene comandos script que podr\u00edan ejecutarse posteriormente en el contexto de otro administrador de la consola."}], "lastModified": "2024-11-21T04:14:32.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:unified_endpoint_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0AFB64F-41FB-4D16-98BA-40F5F7B95C5E", "versionEndExcluding": "12.9.1"}], "operator": "OR"}]}], "sourceIdentifier": "secure@blackberry.com"} 