Vulnerabilities > CVE-2019-8999 - XXE vulnerability in Blackberry Unified Endpoint Management

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

blackberry

CWE-611

NVD

Published: 2019-04-18

Updated: 2019-04-19

Summary

An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.

Vulnerable Configurations

Part	Description	Count
Application	Blackberry Blackberry Unified Endpoint Management 12.7 Blackberry Unified Endpoint Management 12.8 Blackberry Unified Endpoint Management 12.9 Blackberry Unified Endpoint Management 12.10 Blackberry Unified Endpoint Management 12.10.1A	5

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

http://support.blackberry.com/kb/articleDetail?articleNumber=000056241