CVE-2019-8997

MEDIUM

Blackberry Athoc < 7.6_hf-567 - XXE

Title source: rule

Description

An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field.

Exploits (1)

nomisec WORKING POC 2 stars

by nxkennedy · poc

https://github.com/nxkennedy/CVE-2019-8997

View Code ZIP pw:eip

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

http://support.blackberry.com/kb/articleDetail?articleNumber=000047227

Scores

CVSS v3 5.9

EPSS 0.0685

EPSS Percentile 91.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-611

Status published

Products (1)

blackberry/athoc < 7.6_hf-567

Published Mar 21, 2019

Tracked Since Feb 18, 2026