Lucene search

BlackberryCVE-2023-21521

HistorySep 12, 2023 - 7:15 p.m.

CVE-2023-21521

2023-09-1219:15:36

CWE-89

blackberry

web.nvd.nist.gov

sql injection

blackberry athoc

cve-2023-21521

vulnerability

data breach

database security

information security

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

32.9%

JSON

An SQL Injection vulnerability in the Management Console  (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.

Affected configurations

Nvd

Node

blackberryathocMatch7.15

VendorProductVersionCPE
blackberryathoc7.15cpe:2.3:a:blackberry:athoc:7.15:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
blackberry	athoc	7.15	cpe:2.3:a:blackberry:athoc:7.15:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "AtHoc",
    "vendor": "BlackBerry",
    "versions": [
      {
        "status": "affected",
        "version": "7.15"
      }
    ]
  }
]

References

support.blackberry.com/kb/articleDetail?articleNumber=000112406

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

32.9%

JSON

Related for CVE-2023-21521