CVE-2019-8997

MEDIUM

BlackBerry AtHoc < 7.6_hf-567 - XML External Entity Injection via Management Console

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-8997. PoCs published by nxkennedy.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2019-8997, an XXE vulnerability in BlackBerry AtHoc versions earlier than 7.6 HF-567. The exploit demonstrates arbitrary file read via a crafted XML payload.

Description

An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field.

Exploits (1)

nomisec WORKING POC 2 stars
by nxkennedy · poc
https://github.com/nxkennedy/CVE-2019-8997

This repository contains a proof-of-concept exploit for CVE-2019-8997, an XXE vulnerability in BlackBerry AtHoc versions earlier than 7.6 HF-567. The exploit demonstrates arbitrary file read via a crafted XML payload.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: BlackBerry AtHoc < 7.6 HF-567
No auth needed
Prerequisites: Access to a vulnerable BlackBerry AtHoc Management System console · Ability to submit crafted XML input
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 5.9
EPSS 0.0232
EPSS Percentile 81.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-611
Status published
Products (1)
blackberry/athoc < 7.6_hf-567
Published Mar 21, 2019
Tracked Since Feb 18, 2026