XML External Entity Injection in BlackBerry AtHoc Management System
CVE-2019-8997

5.9 MEDIUM

Key Information:

Vendor: BlackBerry

CVE Published: 21 March 2019

Badges

👾 Exploit Exists

What is CVE-2019-8997?

The Management System of BlackBerry AtHoc contains an XML External Entity (XXE) injection flaw. By injecting malicious XML into an existing field, attackers may gain unauthorized access to local files on the application server and could leverage this access to initiate unexpected network requests, potentially compromising sensitive data.

Affected Version(s)

BlackBerry AtHoc 7.6 and earlier

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved