XML External Entity Vulnerability in BlackBerry UEM
CVE-2019-8999

7.5HIGH

Key Information:

Vendor: Blackberry
Status: Blackberry Uem
Vendor: CVE Published:; 18 April 2019

What is CVE-2019-8999?

An XML External Entity vulnerability exists in the UEM Core of BlackBerry UEM, where versions prior to 12.10.1a are susceptible. This vulnerability may enable an attacker to potentially gain unauthorized read access to sensitive files on any system accessible through the UEM service account. Proper security measures and updates are crucial to mitigate these risks.

Affected Version(s)

BlackBerry UEM 12.10.1a and earlier

References

http://support.blackberry.com/kb/articleDetail?articleNum...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2019
Vulnerability Reserved
Feb 21, 2019

Blackberry

What is CVE-2019-8999?

Affected Version(s)

References

CVSS V3.1

Timeline