CVE-2017-9367

A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request.

CVSS v3 9.8 CRITICAL
CVSS v2.0 6.8 MEDIUM

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696	Vendor Advisory
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:blackberry:workspaces_vapp:5.5.0:::::::*
	cpe:2.3:a:blackberry:workspaces_vapp:5.5.1:::::::*
	cpe:2.3:a:blackberry:workspaces_vapp:5.5.2:::::::*
	cpe:2.3:a:blackberry:workspaces_vapp:5.5.3:::::::*
	cpe:2.3:a:blackberry:workspaces_vapp:5.5.4:::::::*
	cpe:2.3:a:blackberry:workspaces_vapp:5.5.5:::::::*
	cpe:2.3:a:blackberry:workspaces_vapp:5.5.6:::::::*
	cpe:2.3:a:blackberry:workspaces_vapp:5.5.7:::::::*
	cpe:2.3:a:blackberry:workspaces_vapp:5.5.8:::::::*
	cpe:2.3:a:blackberry:workspaces_vapp:5.5.9:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:blackberry:workspaces_vapp:5.6.0:::::::*
	cpe:2.3:a:blackberry:workspaces_vapp:5.6.1:::::::*
	cpe:2.3:a:blackberry:workspaces_vapp:5.6.2:::::::*
	cpe:2.3:a:blackberry:workspaces_vapp:5.6.3:::::::*
	cpe:2.3:a:blackberry:workspaces_vapp:5.6.4:::::::*
	cpe:2.3:a:blackberry:workspaces_vapp:5.6.5:::::::*
	cpe:2.3:a:blackberry:workspaces_vapp:5.6.6:::::::*

Configuration 3 (hide)

cpe:2.3:a:blackberry:workspaces_appliance-x:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:35

Type	Values Removed	Values Added
References	~~() http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696 - Vendor Advisory~~	() http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696 - Vendor Advisory

Information

Published : 2017-10-16 21:29

Updated : 2025-04-20 01:37

NVD link : CVE-2017-9367

Mitre link : CVE-2017-9367

CVE.ORG link : CVE-2017-9367

JSON object : View

Products Affected

blackberry

workspaces_vapp
workspaces_appliance-x

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2017-9367", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-10-16T21:29:00.277", "references": [{"url": "http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696", "tags": ["Vendor Advisory"], "source": "secure@blackberry.com"}, {"url": "http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000045696", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request."}, {"lang": "es", "value": "Una vulnerabilidad de salto de directorio en BlackBerry Workspaces Server podr\u00eda permitir que un atacante ejecute o suba archivos arbitrarios, o que revele el contenido de archivos arbitrarios en cualquier parte del servidor web manipulando una URL con una petici\u00f3n POST manipulada."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:5.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F375EEB-9B67-4E8C-B59D-5E45D5744AC9"}, {"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:5.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CBC4987-A09A-44AD-B691-59AB62ACC9EB"}, {"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:5.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "449009A5-0F54-41D5-BE49-EADE65F77CFF"}, {"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:5.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79496E2E-38D9-4707-987D-521FD417ABC4"}, {"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:5.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA490F11-2C67-4A29-A831-BB218E52779F"}, {"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:5.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED290A07-6623-49F1-BC2F-58696CEE45F5"}, {"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:5.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72F68629-73B5-41FB-8ABE-3B49FCCF3841"}, {"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:5.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1AFC2FF-5093-4761-B72A-8D22601A965F"}, {"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:5.5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7FAC0CA-253B-4013-B89A-B180D95E3310"}, {"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:5.5.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67D6DDE0-5DEE-406B-B96A-6C7A203BB368"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:5.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "964BBFE6-AFCC-4577-8F84-D4F71D507060"}, {"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:5.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "416765A7-911E-4327-80F0-3CA4B2A09B2A"}, {"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:5.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFB80B3C-3EF0-427C-B9FE-DD54F248DD13"}, {"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:5.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF721FB8-0BA8-4792-B409-CE71CDCF5ACE"}, {"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:5.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1F96B35-BF5D-4254-A9EA-972997DD70CD"}, {"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:5.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55D0A794-854B-40FE-A95B-776D469F426E"}, {"criteria": "cpe:2.3:a:blackberry:workspaces_vapp:5.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A47B0C9-6C09-4A5F-A473-C82618822041"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:workspaces_appliance-x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "693F0340-B3E0-48B5-8DFF-E77CC8E70315", "versionEndIncluding": "1.11.2"}], "operator": "OR"}]}], "sourceIdentifier": "secure@blackberry.com"}

9.8 /10