Search criteria
12 vulnerabilities found for unified_endpoint_management by blackberry
FKIE_CVE-2021-22153
Vulnerability from fkie_nvd - Published: 2021-05-13 11:15 - Updated: 2024-11-21 05:49
Severity ?
Summary
A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with the authority of the user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | unified_endpoint_management | * | |
| blackberry | unified_endpoint_management | 12.12.1a | |
| blackberry | unified_endpoint_management | 12.12.1a | |
| blackberry | unified_endpoint_management | 12.12.1a | |
| blackberry | unified_endpoint_management | 12.12.1a | |
| blackberry | unified_endpoint_management | 12.12.1a | |
| blackberry | unified_endpoint_management | 12.12.1a | |
| blackberry | unified_endpoint_management | 12.13.0 | |
| blackberry | unified_endpoint_management | 12.13.0 | |
| blackberry | unified_endpoint_management | 12.13.1 | |
| blackberry | unified_endpoint_management | 12.13.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB3D5E6-0613-45E2-8575-07DD6CD77BF4",
"versionEndIncluding": "12.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "D6ED78FF-D486-4FE6-9599-7738729D8F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_2:*:*:*:*:*:*",
"matchCriteriaId": "593930DE-6A05-48B3-A886-87E72DDCD44C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_3:*:*:*:*:*:*",
"matchCriteriaId": "A07E7ACB-B93D-4774-BFE2-8CEAE89AFDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_4:*:*:*:*:*:*",
"matchCriteriaId": "984D7F36-D826-4D38-882C-9C822C4CDDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_5:*:*:*:*:*:*",
"matchCriteriaId": "B5DC0EDB-41B6-4605-AF43-37A0701C96CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_6:*:*:*:*:*:*",
"matchCriteriaId": "03BB3AC1-DC2B-4871-A47C-23E5AFE8E72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "925C2316-6DE8-40ED-AFF2-F4A9849D2B85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.13.0:mr1:*:*:*:*:*:*",
"matchCriteriaId": "B153A25D-8D7C-4734-8BB9-93C5E6385BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.13.1:quick_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "36AFE854-85F3-4157-A2C5-8FE374485FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.13.1:quick_fix_2:*:*:*:*:*:*",
"matchCriteriaId": "61B8E4D4-E3DB-4693-BF88-513687E45BA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim\u2019s local machine with the authority of the user."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en el componente de la Consola de Administraci\u00f3n de BlackBerry UEM versi\u00f3n(s) 12.13.1 QF2 12.12.1 y anteriores y 12.12.1aQF6 y anteriores, podr\u00eda permitir a un atacante potencialmente causar que la aplicaci\u00f3n de hoja de c\u00e1lculo ejecute comandos en la m\u00e1quina local de la v\u00edctima con la autoridad del usuario"
}
],
"id": "CVE-2021-22153",
"lastModified": "2024-11-21T05:49:36.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-13T11:15:07.953",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22152
Vulnerability from fkie_nvd - Published: 2021-05-13 11:15 - Updated: 2024-11-21 05:49
Severity ?
Summary
A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | unified_endpoint_management | * | |
| blackberry | unified_endpoint_management | 12.12.1a | |
| blackberry | unified_endpoint_management | 12.12.1a | |
| blackberry | unified_endpoint_management | 12.12.1a | |
| blackberry | unified_endpoint_management | 12.12.1a | |
| blackberry | unified_endpoint_management | 12.12.1a | |
| blackberry | unified_endpoint_management | 12.12.1a | |
| blackberry | unified_endpoint_management | 12.13.0 | |
| blackberry | unified_endpoint_management | 12.13.0 | |
| blackberry | unified_endpoint_management | 12.13.1 | |
| blackberry | unified_endpoint_management | 12.13.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB3D5E6-0613-45E2-8575-07DD6CD77BF4",
"versionEndIncluding": "12.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "D6ED78FF-D486-4FE6-9599-7738729D8F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_2:*:*:*:*:*:*",
"matchCriteriaId": "593930DE-6A05-48B3-A886-87E72DDCD44C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_3:*:*:*:*:*:*",
"matchCriteriaId": "A07E7ACB-B93D-4774-BFE2-8CEAE89AFDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_4:*:*:*:*:*:*",
"matchCriteriaId": "984D7F36-D826-4D38-882C-9C822C4CDDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_5:*:*:*:*:*:*",
"matchCriteriaId": "B5DC0EDB-41B6-4605-AF43-37A0701C96CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_6:*:*:*:*:*:*",
"matchCriteriaId": "03BB3AC1-DC2B-4871-A47C-23E5AFE8E72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "925C2316-6DE8-40ED-AFF2-F4A9849D2B85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.13.0:mr1:*:*:*:*:*:*",
"matchCriteriaId": "B153A25D-8D7C-4734-8BB9-93C5E6385BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.13.1:quick_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "36AFE854-85F3-4157-A2C5-8FE374485FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.13.1:quick_fix_2:*:*:*:*:*:*",
"matchCriteriaId": "61B8E4D4-E3DB-4693-BF88-513687E45BA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections."
},
{
"lang": "es",
"value": "Una Denegaci\u00f3n de Servicio debido a una vulnerabilidad de Comprobaci\u00f3n de entrada Inapropiada en el componente de la Consola de Administraci\u00f3n de BlackBerry UEM versi\u00f3n(s) 12.13.1 QF2 12.12.1 y anteriores y 12.12.1aQF6 y anteriores podr\u00eda permitir a un atacante impedir potencialmente cualquier conexi\u00f3n de usuario nuevo"
}
],
"id": "CVE-2021-22152",
"lastModified": "2024-11-21T05:49:36.537",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-13T11:15:07.923",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-22154
Vulnerability from fkie_nvd - Published: 2021-05-13 11:15 - Updated: 2024-11-21 05:49
Severity ?
Summary
An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gain access to a victim's web history.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | unified_endpoint_management | * | |
| blackberry | unified_endpoint_management | 12.12.1a | |
| blackberry | unified_endpoint_management | 12.12.1a | |
| blackberry | unified_endpoint_management | 12.12.1a | |
| blackberry | unified_endpoint_management | 12.12.1a | |
| blackberry | unified_endpoint_management | 12.12.1a | |
| blackberry | unified_endpoint_management | 12.12.1a | |
| blackberry | unified_endpoint_management | 12.13.0 | |
| blackberry | unified_endpoint_management | 12.13.0 | |
| blackberry | unified_endpoint_management | 12.13.1 | |
| blackberry | unified_endpoint_management | 12.13.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BB3D5E6-0613-45E2-8575-07DD6CD77BF4",
"versionEndIncluding": "12.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "D6ED78FF-D486-4FE6-9599-7738729D8F28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_2:*:*:*:*:*:*",
"matchCriteriaId": "593930DE-6A05-48B3-A886-87E72DDCD44C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_3:*:*:*:*:*:*",
"matchCriteriaId": "A07E7ACB-B93D-4774-BFE2-8CEAE89AFDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_4:*:*:*:*:*:*",
"matchCriteriaId": "984D7F36-D826-4D38-882C-9C822C4CDDA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_5:*:*:*:*:*:*",
"matchCriteriaId": "B5DC0EDB-41B6-4605-AF43-37A0701C96CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_6:*:*:*:*:*:*",
"matchCriteriaId": "03BB3AC1-DC2B-4871-A47C-23E5AFE8E72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "925C2316-6DE8-40ED-AFF2-F4A9849D2B85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.13.0:mr1:*:*:*:*:*:*",
"matchCriteriaId": "B153A25D-8D7C-4734-8BB9-93C5E6385BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.13.1:quick_fix_1:*:*:*:*:*:*",
"matchCriteriaId": "36AFE854-85F3-4157-A2C5-8FE374485FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.13.1:quick_fix_2:*:*:*:*:*:*",
"matchCriteriaId": "61B8E4D4-E3DB-4693-BF88-513687E45BA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gain access to a victim\u0027s web history."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Divulgaci\u00f3n de Informaci\u00f3n en el componente de la Consola de Administraci\u00f3n de BlackBerry UEM versi\u00f3n(s) 12.13.1 QF2 12.12.1 y anteriores y 12.12.1aQF6 y anteriores, podr\u00eda permitir a un atacante conseguir acceso potencial al historial web de la v\u00edctima"
}
],
"id": "CVE-2021-22154",
"lastModified": "2024-11-21T05:49:36.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-13T11:15:07.980",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-8999
Vulnerability from fkie_nvd - Published: 2019-04-18 17:29 - Updated: 2024-11-21 04:50
Severity ?
Summary
An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.
References
| URL | Tags | ||
|---|---|---|---|
| secure@blackberry.com | http://support.blackberry.com/kb/articleDetail?articleNumber=000056241 | Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.blackberry.com/kb/articleDetail?articleNumber=000056241 | Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | unified_endpoint_management | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88290FA0-8A95-44CA-9094-DD0470A84C5F",
"versionEndIncluding": "12.10.1a",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account."
},
{
"lang": "es",
"value": "Una vulnerabilidad de entidad externa XML en el UEM Core de BlackBerry UEM anterior a la versi\u00f3n 12.10.1a podr\u00eda permitir a un atacante conseguir acceso de lectura a archivos en cualquier sistema accesible por la cuenta de servicio UEM."
}
],
"id": "CVE-2019-8999",
"lastModified": "2024-11-21T04:50:47.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-18T17:29:01.430",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000056241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000056241"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-22154 (GCVE-0-2021-22154)
Vulnerability from cvelistv5 – Published: 2021-05-13 10:44 – Updated: 2024-08-03 18:37
VLAI?
Summary
An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gain access to a victim's web history.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:16.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gain access to a victim\u0027s web history."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T10:44:01",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2021-22154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gain access to a victim\u0027s web history."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971",
"refsource": "MISC",
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2021-22154",
"datePublished": "2021-05-13T10:44:01",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:37:16.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22153 (GCVE-0-2021-22153)
Vulnerability from cvelistv5 – Published: 2021-05-13 10:43 – Updated: 2024-08-03 18:37
VLAI?
Summary
A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with the authority of the user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:17.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim\u2019s local machine with the authority of the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T10:43:52",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2021-22153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim\u2019s local machine with the authority of the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971",
"refsource": "MISC",
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2021-22153",
"datePublished": "2021-05-13T10:43:52",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:37:17.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22152 (GCVE-0-2021-22152)
Vulnerability from cvelistv5 – Published: 2021-05-13 10:43 – Updated: 2024-08-03 18:37
VLAI?
Summary
A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:16.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T10:43:47",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2021-22152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971",
"refsource": "MISC",
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2021-22152",
"datePublished": "2021-05-13T10:43:47",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:37:16.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8999 (GCVE-0-2019-8999)
Vulnerability from cvelistv5 – Published: 2019-04-18 16:51 – Updated: 2024-08-04 21:31
VLAI?
Summary
An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.
Severity ?
No CVSS data available.
CWE
- XML External Entity
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | BlackBerry UEM |
Affected:
12.10.1a and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000056241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BlackBerry UEM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.10.1a and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML External Entity",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-18T16:51:41",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000056241"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2019-8999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BlackBerry UEM",
"version": {
"version_data": [
{
"version_value": "12.10.1a and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000056241",
"refsource": "MISC",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000056241"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2019-8999",
"datePublished": "2019-04-18T16:51:41",
"dateReserved": "2019-02-21T00:00:00",
"dateUpdated": "2024-08-04T21:31:37.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22154 (GCVE-0-2021-22154)
Vulnerability from nvd – Published: 2021-05-13 10:44 – Updated: 2024-08-03 18:37
VLAI?
Summary
An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gain access to a victim's web history.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:16.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gain access to a victim\u0027s web history."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T10:44:01",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2021-22154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gain access to a victim\u0027s web history."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971",
"refsource": "MISC",
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2021-22154",
"datePublished": "2021-05-13T10:44:01",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:37:16.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22153 (GCVE-0-2021-22153)
Vulnerability from nvd – Published: 2021-05-13 10:43 – Updated: 2024-08-03 18:37
VLAI?
Summary
A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with the authority of the user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:17.176Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim\u2019s local machine with the authority of the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T10:43:52",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2021-22153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim\u2019s local machine with the authority of the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971",
"refsource": "MISC",
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2021-22153",
"datePublished": "2021-05-13T10:43:52",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:37:17.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22152 (GCVE-0-2021-22152)
Vulnerability from nvd – Published: 2021-05-13 10:43 – Updated: 2024-08-03 18:37
VLAI?
Summary
A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:16.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-13T10:43:47",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2021-22152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971",
"refsource": "MISC",
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2021-22152",
"datePublished": "2021-05-13T10:43:47",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:37:16.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8999 (GCVE-0-2019-8999)
Vulnerability from nvd – Published: 2019-04-18 16:51 – Updated: 2024-08-04 21:31
VLAI?
Summary
An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.
Severity ?
No CVSS data available.
CWE
- XML External Entity
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | BlackBerry UEM |
Affected:
12.10.1a and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000056241"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BlackBerry UEM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "12.10.1a and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML External Entity",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-18T16:51:41",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000056241"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2019-8999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BlackBerry UEM",
"version": {
"version_data": [
{
"version_value": "12.10.1a and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000056241",
"refsource": "MISC",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000056241"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2019-8999",
"datePublished": "2019-04-18T16:51:41",
"dateReserved": "2019-02-21T00:00:00",
"dateUpdated": "2024-08-04T21:31:37.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}