Lucene search

[email protected]NVD:CVE-2023-21521

HistorySep 12, 2023 - 7:15 p.m.

CVE-2023-21521

2023-09-1219:15:36

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

management console

blackberry athoc

vulnerability

sensitive data

database

administration operations

dbms

file system

operating system

command

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

32.9%

JSON

An SQL Injection vulnerability in the Management Console  (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.

Affected configurations

Nvd

Node

blackberryathocMatch7.15

VendorProductVersionCPE
blackberryathoc7.15cpe:2.3:a:blackberry:athoc:7.15:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
blackberry	athoc	7.15	cpe:2.3:a:blackberry:athoc:7.15:::::::*

References

support.blackberry.com/kb/articleDetail?articleNumber=000112406

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

32.9%

JSON

Related for NVD:CVE-2023-21521

cvelist1 prion1 cve1 vulnrichment1