7.3
CVE-2021-22153
- EPSS 0.65%
- Veröffentlicht 13.05.2021 11:15:07
- Zuletzt bearbeitet 21.11.2024 05:49:36
- Quelle secure@blackberry.com
- CVE-Watchlists
- Unerledigt
LoginA Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with the authority of the user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Blackberry ≫ Unified Endpoint Management Version <= 12.12.0
Blackberry ≫ Unified Endpoint Management Version12.12.1a Updatequick_fix_1
Blackberry ≫ Unified Endpoint Management Version12.12.1a Updatequick_fix_2
Blackberry ≫ Unified Endpoint Management Version12.12.1a Updatequick_fix_3
Blackberry ≫ Unified Endpoint Management Version12.12.1a Updatequick_fix_4
Blackberry ≫ Unified Endpoint Management Version12.12.1a Updatequick_fix_5
Blackberry ≫ Unified Endpoint Management Version12.12.1a Updatequick_fix_6
Blackberry ≫ Unified Endpoint Management Version12.13.0 Update-
Blackberry ≫ Unified Endpoint Management Version12.13.0 Updatemr1
Blackberry ≫ Unified Endpoint Management Version12.13.1 Updatequick_fix_1
Blackberry ≫ Unified Endpoint Management Version12.13.1 Updatequick_fix_2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.65% | 0.684 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.3 | 1.3 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
CWE-1236 Improper Neutralization of Formula Elements in a CSV File
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by a spreadsheet product.