Unrated severityNVD Advisory· Published Nov 19, 2015· Updated May 6, 2026

CVE-2015-4112

Description

The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue.

Affected products

Blackberry/Enterprise Server2 versions
cpe:2.3:a:blackberry:enterprise_server:12.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:blackberry:enterprise_server:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:blackberry:enterprise_server:12.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.blackberry.com/btsc/KB37573nvdVendor Advisory
www.securitytracker.com/id/1034154nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000