
Research in Motion: BlackBerry Enterprise Server: Default Configuration Permits Arbitrary App Install on Devices

CVE-2007-3483 · Critical · Published

  • CVSS: 10 High · Network
  • EPSS: 0.00381 (0.4% chance of exploit in 30d)
  • CWE: NVD-CWE-Other (Other)
  • Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary

Per NVD: “Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware.”

Affected Packages / Versions

  • Package: Research in Motion BlackBerry Enterprise Server (—)
  • Latest published version at triage time: Per NVD: BES 4.0 – 4.1
  • Affected range: Per NVD: BlackBerry Enterprise Server 4.0 through 4.1
  • Patched version: Vendor configuration hardening — see RIM advisory KB05499

Impact

NVD’s description establishes the configuration-default risk: third-party application install was permitted by default, which could be used as a malware-delivery channel onto managed devices.

Severity Rationale

NVD scores this issue CVSS v2 10.0 under the original scoring methodology; v3 metrics are not present.

Fix

Apply RIM’s BES configuration hardening guidance and require code-signing on all managed-device application installs.

Disclosure timeline

  • TBD: Reported to vendor
  • TBD: Patch / configuration guidance released
  • TBD: Public disclosure

    Discovered by Praetorian Labs (per cve-research listing) · Published April 29, 2026