CVE-2023-21521: SQL Injection
First published: Tue Sep 12 2023(Updated: )
An SQL Injection vulnerability in the Management Console (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.
Credit: secure@blackberry.com secure@blackberry.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BlackBerry AtHoc | =7.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-21521.
What software is affected by this vulnerability?
BlackBerry AtHoc version 7.15 is affected by this vulnerability.
What is the severity of CVE-2023-21521?
The severity of CVE-2023-21521 is high, with a CVSS score of 7.2.
How does CVE-2023-21521 impact the system?
CVE-2023-21521 can allow an attacker to potentially read sensitive data from the database, modify database data, execute administration operations on the database, and recover data.
Is there a fix available for CVE-2023-21521?
Yes, a fix is available for CVE-2023-21521. Please refer to the vendor's website for more information.
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/blackberry
- canonical/blackberry athoc
- version/blackberry athoc/7.15