Medium severity6.1NVD Advisory· Published Jan 13, 2017· Updated May 13, 2026

CVE-2017-3890

Description

A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link.

Affected products

Blackberry/Appliance X
cpe:2.3:a:blackberry:appliance-x:*:*:*:*:*:*:*:*
Range: <=1.8.1
Blackberry/Workspaces Vapp2 versions
cpe:2.3:a:blackberry:workspaces_vapp:4.6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:blackberry:workspaces_vapp:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:blackberry:workspaces_vapp:5.4.1:*:*:*:*:*:*:*
N/A/Blackberry Watchdox Serverv5
Range: BlackBerry WatchDox Server

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.blackberry.com/kb/articleDetailnvdVendor Advisory
www.securityfocus.com/bid/95442nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000