First published: Thu Mar 21 2019
An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field.
Credit: secure@blackberry.com
Affected Software | Affected Version | How to fix |
---|---|---|
BlackBerry AtHoc | <7.6_hf-567 | |
The CVE ID for this vulnerability is CVE-2019-8997.
CVE-2019-8997 has a severity rating of medium (5.9).
BlackBerry AtHoc versions earlier than 7.6 HF-567 are affected by CVE-2019-8997.
CVE-2019-8997 allows an attacker to potentially read arbitrary local files from the application server or make requests on the network.
Updating to version 7.6 HF-567 or later of BlackBerry AtHoc fixes the vulnerability.