Check: WIR1335-01
BlackBerry Enterprise Server, Part 2:
WIR1335-01
(in versions v2 r10 through v2 r8)
Title
The BES must be configured to convert HTML and RTF formatted email into text format before sending to a BlackBerry smartphone and prevent the BES from sending email messages with inline images to BlackBerry smartphones. (Cat III impact)
Discussion
HTML email and inline images in email can contain malware or links to web sites with malware.
Check Content
Verify the BES has been configured correctly. BAS >> Servers and components >> Component view >> Email >> Messaging tab. Verify "Rich content turned on" is set to "False". Verify "Automatic downloading of inline images turned on" is set to "False". If the BES is not configured as required, this is a finding. Note: The BES configurations described in this check cannot block HTML and RTF formatted email or inline images for BlackBerry devices with BlackBerry handheld software versions earlier than 4.5.
Fix Text
Configure the BES to: - Convert HTML and RTF formatted email into text format before sending to a BlackBerry smartphone; and - Prevent the BES from sending email messages with inline images to BlackBerry smartphones.
Additional Identifiers
Rule ID: SV-19929r4_rule
Vulnerability ID: V-18394
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |