CVE-2021-22153
First published: Thu May 13 2021(Updated: )
A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with the authority of the user.
Credit: secure@blackberry.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Blackberry Unified Endpoint Management | <=12.12.0 | |
| Blackberry Unified Endpoint Management | =12.12.1a-quick_fix_1 | |
| Blackberry Unified Endpoint Management | =12.12.1a-quick_fix_2 | |
| Blackberry Unified Endpoint Management | =12.12.1a-quick_fix_3 | |
| Blackberry Unified Endpoint Management | =12.12.1a-quick_fix_4 | |
| Blackberry Unified Endpoint Management | =12.12.1a-quick_fix_5 | |
| Blackberry Unified Endpoint Management | =12.12.1a-quick_fix_6 | |
| Blackberry Unified Endpoint Management | =12.13.0 | |
| Blackberry Unified Endpoint Management | =12.13.0-mr1 | |
| Blackberry Unified Endpoint Management | =12.13.1-quick_fix_1 | |
| Blackberry Unified Endpoint Management | =12.13.1-quick_fix_2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-22153?
CVE-2021-22153 is a Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM.
What is the severity of CVE-2021-22153?
CVE-2021-22153 has a severity rating of 7.3 (High).
Which versions of BlackBerry UEM are affected by CVE-2021-22153?
BlackBerry UEM versions 12.13.1 QF2 and earlier, as well as 12.12.1a QF6 and earlier are affected by CVE-2021-22153.
How does CVE-2021-22153 exploit work?
CVE-2021-22153 allows an attacker to potentially run commands on the victim's local machine with the authority of the spreadsheet application.
How can I fix CVE-2021-22153?
To fix CVE-2021-22153, upgrade to BlackBerry UEM version 12.13.1 QF3 or 12.12.1a QF7 or later.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- vendor/blackberry
- canonical/blackberry unified endpoint management
- version/blackberry unified endpoint management/12.12.0
- version/blackberry unified endpoint management/12.12.1a-quick_fix_1
- version/blackberry unified endpoint management/12.12.1a-quick_fix_2
- version/blackberry unified endpoint management/12.12.1a-quick_fix_3
- version/blackberry unified endpoint management/12.12.1a-quick_fix_4
- version/blackberry unified endpoint management/12.12.1a-quick_fix_5
- version/blackberry unified endpoint management/12.12.1a-quick_fix_6
- version/blackberry unified endpoint management/12.13.0
- version/blackberry unified endpoint management/12.13.0-mr1
- version/blackberry unified endpoint management/12.13.1-quick_fix_1
- version/blackberry unified endpoint management/12.13.1-quick_fix_2