exploitDog

CVE-2019-8997

Опубликовано: 21 мар. 2019

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field.

Ссылки

http://support.blackberry.com/kb/articleDetail?articleNumber=000047227
Vendor Advisory
http://support.blackberry.com/kb/articleDetail?articleNumber=000047227
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:blackberry:athoc:*:*:*:*:*:*:*:*

Версия до 7.6_hf-567 (исключая)

EPSS

Процентиль: 92%

0.09018

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-f476-4rjp-2jx3

CVSS3: 5.9

github

больше 3 лет назад

An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field.

EPSS

Процентиль: 92%

0.09018

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-611