CVE-2019-8999

EPSS 0.44%
Veröffentlicht 18.04.2019 17:29:01
Zuletzt bearbeitet 21.11.2024 04:50:47
Quelle secure@blackberry.com
CVE-Watchlists
Login
Unerledigt
Login

An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Blackberry ≫ Unified Endpoint Management Version <= 12.10.1a

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.44%	0.602

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

http://support.blackberry.com/kb/articleDetail?articleNumber=000056241

Patch

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2019-8999

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-8999

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-8999

EUVD