Before you think the worst of this vulnerability, keep in mind that it is not currently being exploited and requires the attacker to already have login access to the BES server and its diagnostic logs. With that said, BlackBerry has published an advisory about a vulnerability they have patched in BES 10.2.1 and BES 5.0.4. In "rare cases of an exception", certain credentials, including shared secrets and domain credentials, are written in plain text to the diagnostic log.
That diagnostic log is normally only readable by the BES system administrator, so this is not a huge deal on its own, but if an attacker does get hold of the log it can contain those sensitive details. Obviously that is a bad thing; the good news is that the fix is simply applying the patched release. Check out the details here in the advisory.
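To make the bug class concrete, here is an added example (constructed for this post, not BES code and not taken from BlackBerry's advisory) of an exception handler that dumps its whole request context, credentials included, into a diagnostic log, next to a version that redacts sensitive fields first, plus a small scanner you can point at an existing log to see whether any plaintext credentials already ended up in it. The field names (`domain_password`, `shared_secret`, `srp_key`), the log line format and the sample context are all assumptions; BES's real field names and log format are not given in the advisory.

```python
"""Credential leakage into diagnostic logs on an exception path, the redacting
alternative, and a scanner for existing logs. Constructed illustration only;
field names and log format are assumptions, not BES internals."""
import io
import logging
import re

# Keys whose values must never reach a log. Assumed names for illustration.
SENSITIVE_KEYS = {"password", "domain_password", "shared_secret", "srp_key"}

# Constructed request context standing in for what a failing enrollment or
# sync call might carry. Values are made up.
SAMPLE_CONTEXT = {
    "user": "CORP\\jsmith",
    "domain_password": "Sup3rS3cret!",
    "shared_secret": "d3adbeef-cafe-4242",
    "host": "bes01.corp.example",
}


def _capture_logger(name):
    """Logger that writes to an in-memory buffer so the example runs offline."""
    buf = io.StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger, buf


def vulnerable_log(context, exc):
    """The pattern behind the advisory: on a rare exception, log everything
    that was in flight, credentials included."""
    logger, buf = _capture_logger("vuln")
    logger.error("sync failed: %s context=%r", exc, context)
    return buf.getvalue()


def redact(context):
    """Replace values of sensitive keys before they can be formatted into a log line."""
    return {k: ("<redacted>" if k.lower() in SENSITIVE_KEYS else v)
            for k, v in context.items()}


def hardened_log(context, exc):
    """Same diagnostic value for the admin, minus the secrets."""
    logger, buf = _capture_logger("safe")
    logger.error("sync failed: %s context=%r", exc, redact(context))
    return buf.getvalue()


# Matches key=value or 'key': 'value' forms; longer key names listed first so
# 'domain_password' is not reported as just 'password'.
CRED_PATTERN = re.compile(
    r"(?i)'?(domain_password|shared_secret|srp_key|password)'?\s*[=:]\s*'?([^\s,'}]+)"
)


def scan_log(text):
    """Return (line_number, key) for every plaintext credential found in a log.
    Redacted placeholders are ignored so a clean log yields an empty list."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in CRED_PATTERN.finditer(line):
            if m.group(2) != "<redacted>":
                hits.append((n, m.group(1).lower()))
    return hits


if __name__ == "__main__":
    err = RuntimeError("LDAP bind timeout")  # constructed failure
    print(vulnerable_log(SAMPLE_CONTEXT, err), end="")
    print(hardened_log(SAMPLE_CONTEXT, err), end="")
    print("leaks in vulnerable log:", scan_log(vulnerable_log(SAMPLE_CONTEXT, err)))
```

The point of `redact` is that it runs before the formatter, so the credential never exists as a string inside the logging pipeline; catching it later with a log filter is fragile because exception paths are exactly the ones nobody tests. `scan_log` is what you would run over the diagnostic logs on a server that was running a pre-patch BES build before deciding whether domain credentials and shared secrets need to be rotated.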