CVE-2013-3693 Information

Description

The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface which allows remote attackers to upload and execute arbitrary packages via a request to port 1098.

Reference

http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=1C7CE6911426BCFAF2A80C3834F4DF0F?externalId=KB35139&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl http://secunia.com/advisories/55187